Email fraud, phishing in particular, is getting better all the time…well, worse actually because it’s getting better. Most phishing emails are easy to spot by their poor spelling and punctuation and sometimes nonsensical English. “Please click to verify your account for the box of mail to continuing your size limit.” If your mail provider actually sends you an email that reads like this, you need a new mail provider. Right now.

Unfortunately, phishers are getting much better at what they do. I received this email today purporting to be from Amazon.

Fake Amazon Email Receipt

It looks legitimate. It has Amazon’s logo, facebook, and twitter logos. The spelling and grammar is impeccable. Most alarming of all, it shows that I spent $96.99 at Amazon when I know for certain I didn’t. It also shows someone else’s address, which might lead me to think that someone bought something using my account and had it shipped somewhere else.

Despite this, there are some telltale signs that will catch the eyes of the most observant readers:

1. Although it shows my email address, it doesn’t show my name anywhere. Amazon knows my name. Where this email says “Thanks for your order, j—-@—–.com”, an actual receipt from Amazon would say “Thanks for your order, Jay!”
2. It shows a billing address but no shipping address. The subject line says “Your amazon.com Kindle e-book order” so maybe it’s no big deal that there’s no shipping information. Except that if someone used by credit card, they would have to use my billing address.
3. The email says it’s for a Kindle e-book, but there are no new books on my Kindle.
4. If I hover my cursor over any of the links in the email, the url that appears in the bottom left corner of my email client doesn’t say https://www.amazon.com/blahblah. It says http://amazon.blahblah.com.ru/blahblah.

The fraudsters are ok with these discrepancies because they are counting on you being so concerned that someone might be misusing your account that you’ll just click on one of those links to find out what’s going on. Someone is stealing from you!!!

I don’t know what the amazon.blahblah.com.ru website looks like because I didn’t click on the links in the email. Neither should you. If they are really good (and the quality of this phishing attempts suggest they might be), then this Russian website (That’s what the “.ru/” in the url means.) might look very much like the legitimate Amazon site. And what they really want is for you to type in your username and password. If they were really, really good, then they would tell you “sorry, wrong password” and redirect you to the real Amazon site, where you would log in and feel so relieved that there were no fraudulent purchases on your account that you would just delete the email and forget about it. Except now they have your Amazon username and password, and can make charges at will using your credit cards.

The lesson?

1. Look carefully at email you receive. If anything at all looks amiss, assume that it really is amiss.
2. Don’t click on links in email unless you were expecting that specific email. If you didn’t make a purchase at Amazon or make a huge withdrawal from your bank account, don’t even think about clicking on a link in an email that says you did. Instead, open up Firefox or Chrome or whatever web browser you use, go to Amazon’s or your bank’s website, log in, and check it out there. If you still have questions, call them or forward the email to them.
3. Even if you were expecting an email, don’t click on any links in it until you hover your cursor over the link and see where it really goes. Look at the “Bad Links” section of Malware part 4 for more information on recognizing bad links.