Amazon has something for everyone, which is why Amazon gift cards are one of the most popular items to giveaway for organizations across the globe. With so many companies offering these gift cards as thank you’s and prizes, it can hard to identify when one of these offers is not legitimate and instead of a phishing email.
Below is an example of one of these Amazon gift card phishing emails, broken down and examined to identify the indicators of phishing.
The sender address of this email is sent from a “Dingoba.com” domain which, unless the receiver has recently interacted with this domain they should immediately realize this is a fake email and they should just delete it.
Suggesting that a user can “double [their] Amazon-Member Reward Points,” the subject line of this email promises something that most Amazon members know could not happen. Amazon member rewards points are only given to users that have an Amazon-branded credit card and are rewarded for purchases made with the card. There is very little chance that there is a legitimate way to double the reward points, which should be a red flag for anyone receiving this email.
Like with the majority of phishing emails, this email contains no personalization, a sign that the sender does not know the receiver and is most likely a scammer.
While this email uses the proper brand colors of Amazon, the layout and language of this email does not align with the Amazon brand. It is also rare that a corporation will send an email out with all blue text, as it is not as easy to read and is usually mistaken as a link.
The content of this email is very brief, ambiguous, and contradictive. The subject line suggests that the email would tell the user how to double their reward points, the thank you at the top of the email suggests the user can just redeem the gift card, and the body text implies that the user will be entered into a drawing for the gift card; this lack of clarity, is something that official emails will almost never have.
There are two main links in this email, one in the call to action button “Continue Here” and one in the image of the Amazon gift card. Both these links, when hovered over, show that they lead to Dingoba domains with paths that are strange and appear as unsafe. As mentioned above, unless the user is familiar with Dingoba as a company personally they should not click on the link and just delete the email.
There is no signature from the “Dingabo” company on this email, which is usually a sign that the company is not real and the email is a phishing email. The company “Crum & Baker Design” however, is listed in the signature with an address in Pueblo, Colorado, again reinforcing the idea that this email is not authentic.
Contact us today to teach your users how to detect and defend against phishing.