Phishing emails have been around for years, and as we all get wiser to them — the scammers are getting sneakier.
Phishing is where you receive an email that appears to be from an online shop or financial institution asking you to confirm or reset your account details. The email will usually provide a link that will take you to a site where you can input personal information. This is in fact a fake phishing site designed to pinch your details and defraud you.
Emails purporting to be from banks and building societies are the most common form of phishing — but recently, a new type of scam email has begun arriving in inboxes around the country...
Fraudsters are sending out masses of emails that at first glance look like they are from the online retailer Amazon. They will come from an official-looking address and will often have the Amazon logo on.
The email will contain one of a selection of official-sounding stories — all fake, of course! It may you tell that your credit card has been declined or a recent order has been cancelled or that you need to re-register on Amazon due to an internal shake-up.
There will be a link provided in the email directing you to a website that looks like Amazon where you can re-register and input your card details to successfully complete your order. But this is the phishing site! If you do input any details they will be sent straight to the fraudster and you can kiss your gleaming credit record goodbye!
Obviously the fraudsters don't know whether you shop at Amazon or not, as the email is sent out to addresses at random. They're basically betting on the fact that, because millions of people use the shopping site, a good chunk of their phishing emails will reach an Amazon customer.
When you consider the increase in online shopping over the festive period and the determination of some shoppers to get online bargains delivered in time for Christmas, it's easy to see how people may fall for this scam.
Don't become a victim
First off, emails from Amazon will never ask for personal information such as bank account and credit card details, Pins, passwords or VAT numbers. So if you do receive an email purporting to be from Amazon that asks for any of these things — you know something isn't right.
The same goes for payments — Amazon only uses its own marketplace tool to process transactions and card details. Check the URL of any link provided in an email by hovering over the linked word with your mouse — genuine sites will always begin with http://www.amazon.co.uk, https://www.amazon.co.uk or http://s1.amazon.co.uk. If the URL contains combinations of words like security-amazon.co.uk or amazon.com.biz, then it's probably a phishing site.
It's also always worth checking the address the email has been sent from. Genuine emails will end in either @amazon.co.uk or @amazon.com. Most scammers will use the word amazon in the email address — but they will often end with name of another Internet service provider, for example @hotmail.co.uk or @msn.com.
A poorly written email with bad grammar and spelling mistakes is a further sign of a phishing scam, as they are often translated from another language and are not usually proofread. How the message addresses you may also be a further give away — needless to say alarm bells should ring if you receive an email that begins 'Dear Amazon customer...'!
The safest way to reliably check if an Amazon order has been cancelled is to go direct to amazon.co.uk, sign in using your password and click onto your order history.
If you think you have received an Amazon scam email, your best bet is to email email@example.com and attach the suspicious email.
Other phishing scams
Phishing emails pretending to be from financial institutions are very common; you can find out about one recent scam at Beware this new tax scam.
Many fraudsters are now also targeting PayPal, eBay and AOL users. These phishing emails will contain a similar bogus story to the Amazon emails — asking you to update or re-enter account details.
The AOL phishing email is particularly sneaky, as the fraudster will often state that you will lose your email address or Internet connection if you don't update your account in the next two days. But don't fall for this threat — it's just an attempt to scare you!
Just as with Amazon, AOL, PayPal, eBay and all banks will never ask for personal information over email and they will certainly never use threatening language. For some further tips on how to avoid phishing fraud read Eight ways to spot a phishing scam.
The 'unsubscribe' scam
Amazon have also been warning customers never to click the unsubscribe link in an unknown email, as many spammers use this to create a list of active accounts — which they will then bombard with more phishing emails.
If you do want to unsubscribe from an Amazon mailing, you should change your communication settings within your official account.
To find out more about online fraud read This scam will ruin your Christmas.