Amazon Credit Card Phishing Scam

[Mike]

Got this email today and must admit I had the wallet in my hand going for the CC before saying wait a minute. The link is dead now, but when I clicked it the amazon log-in page (or a very very similar look alike page) comes up. If you log in, a page asking for CC info comes up. Also, something that might throw you off is that the tabs on the page will actually take you to your Amazon page with books you searched, etc to make it look like the initial page was the real thing.

Called my bank and no they hadn't called Amazon (normal procedure is for the bank to call you first for any problems).

Also called Amazon and they said yep a scammer fishing around and no they wouldn't ask for such info like this.

So beware if you get an email like this.

[edit] Subject of the email: Billing Issue regarding your Amazon.com account

Hello [email address used for amazon],

Greetings from Amazon Payments.

Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

To confirm your identity with us click here:
_https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_r/103-3177084-7567864?opt=oa&page=recs/sign-in-secure.html

After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.

Thank you for your interest in selling at Amazon.com.

Amazon.com Customer Service
_http://www.amazon.com

This message and any files or documents attached may contain classified information. It is intended only for the individual or entity named and others authorized to receive it. If you are not the intended recipient or authorized to receive it, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately then delete it from your system. Please also note that transmission cannot be guaranteed to be secure or error-free.

 

[Laura]

I received a similar email some time ago. But, since I NEVER, EVER click any links about anything having to do with banking or credit cards, instead of clicking, I forwarded the email to amazon. I very quickly received a reply that it was a scam.

So that's the rule: NEVER, EVER respond to emails about your bank accounts or CCs.

 

[Rabelais]

Yup... simply forward the questionable email to the corresponding company, such as: spoof@amazon.com, spoof@paypal.com, spoof@ebay.com, etc. Use "spoof" as the destination. All of the big merchants have phishing prevention teams accessed as "spoof@"

Within minutes you should receive an email confirmation of your suspicions.

I get maybe a half dozen of these a week relating to my PayPal account.

Like Laura said, NEVER use an embedded link in the email. Always open a fresh browser window and type the home page URL (e.g.: www.paypal.com) directly to your browser, then access your account information from there.

 

[Laura]

Yup... simply forward the questionable email to the corresponding company, such as: spoof@amazon.com, spoof@paypal.com, spoof@ebay.com, etc. Use "spoof" as the destination. All of the big merchants have phishing prevention teams accessed as "spoof@"

Within minutes you should receive an email confirmation of your suspicions.

I get maybe a half dozen of these a week relating to my PayPal account.

Like Laura said, NEVER use an embedded link in the email. Always open a fresh browser window and type the home page URL (e.g.: www.paypal.com) directly to your browser, then access your account information from there.

Yes. This is much more complete advice on how to handle these things. And emphasis on NEVER using an embedded link in an email.

If you are really curious and want to compare the embedded link to what you know is the REAL link, you can right click, copy link, and paste it in a text program or something.