What Is A Phishing Scam
Phishing scams take the form of a what looks like a legitimate email from a brand or company that you recognise. Cybercriminals use the names of larger companies as they prey on the idea that recipients trust this brand and would expect to receive emails from them.
Common phishing emails might be from HMRC, your bank, Apple and Amazon who claim that you need to click a link to update your account, or a refund has been awarded and therefore they need your account details. These are more than likely fake emails.
Even if you think you know the sender they might not be who they say they are. A rule of thumb is to never click on something you are unsure of, as by clicking on that link youre going to be taken to a fake website which collects your information.
Educate Your Employees To Prevent Phishing
Education is power, and knowledge liberates. Regularly remind your employees of what they should be looking for when handling mails or information within the organization. This does not necessarily mean having frequent awareness training programs as a few well-placed posters within the office can serve the purpose.
Verify A Website Below
Are you just about to make a purchase online? See if the website is legit with our validator:
Are you a big fan of Etsy? Here are a bunch of fake Etsy-like websites!
TOP 4 MUST-WATCH FRAUD PREVENTION VIDEOS
1. Got a Domain Name? Here’s The Biggest SEO Scam2. Top 5 Amazon Scams in 20213. Top 5 PayPal Scams in 20214. How To Spot a Scam Email in 2021
Don’t Miss: How Do I Recover Deleted Emails From Gmail
How To Protect Yourself From Amazon Spam Email
It can be quite exhausting to deal with the number of unwanted emails we receive every day. People from all over the world who have received fraud emailssuch as Amazon spam emailare continually looking for a way to get rid of them. Amazon has gathered a team specialized in dealing with all kinds of cyber criminals, but theres something that will save you a lot of time and earn you some moneyDoNotPay is the best robot lawyer in the world, and its at your service!
Know What Amazon Will And Wont Ask
Amazon has a concrete set of rules about what it will and wont ask you. If an email or phone call claiming to be from Amazon asks for something like a password, its not actually from Amazon.
On their Seller Central help page, Amazon is clear about what they ask for and what they wont. Heres a list of information that Amazon won’t ask you to provide.
- Amazon account password
Recommended Reading: Recover Permanently Deleted Emails Aol
Report Suspicious Emails Phone Calls Text Messages Or Webpages
We take fraud, scam,phishing and spoofing attempts seriously. If you receive correspondence you think may not be from Amazon, please report it immediately.
Suspicious Emails or Webpages
For suspicious webpages, copy & paste the link into the email body.
If you can’t send the email as an attachment, forward it.
Note: Sending the suspicious email as an attachment is the best way for us to track it.
Note: Amazon can’t respond personally when you report a suspicious correspondence to , but you may receive an automatic confirmation. If you have security concerns about your account, please contact us.
Suspicious Phone Calls or Text Messages
Report any suspicious phone call or text message to the Federal Trade Commission .
To report a phone call or text message visit ftc.gov/complaint and follow the onscreen assistant.
If you’re concerned about your account security, go to Protect Your System for tips and recommendations.
Was this information helpful?
Ignore The Spam Folder
Fortunately, email checking algorithms are also quite intelligent. Thats why they carefully filter all the incoming emails and feature the suspicious ones as spam. Most likely, a phishing letter from Amazon scammers will land this folder as well.
Still, some owners may consider it a mistake, decide to open the letter and follow the instructions inside. So, make it a rule never to check a spam folder, never open spam letters, and most importantly, dont use any attached links, including the unsubscription ones. An unsubscribe link in a phishing letter is dangerous by default since you are likely to have never been subscribed to the senders newsletter.
Don’t Miss: Gmail Retrieve Deleted Email
What Not To Do When You Receive A Spam Email From Amazon
Phishing emails can be quite convincing, so you should be careful and not fall into their trap. Here are a couple of things you should not do when you receive an email, allegedly, from Amazon.
- UnsubscribePhishers often use the method of giving you the instructions for unsubscribing. Using this method, they create a list of valid and working email addresses
- Neglect the features in the Seller CenterThough the Sold Ship Now notification is a popular tool, you can get relevant information for your orders by using the Manage Orders option in your seller account
- Accept suspicious offersYou could receive an email in which you are offered an attractive deal, such as to get a discount or even a free item if you complete a simple task. You should never click on any of the embedded links
Fake Order Phishing Email
As with any major service, Amazon is no stranger to being spoofed or impersonated by enterprising fraudsters who are looking to dupe people out of their personal information, or to access credentials to their accounts. The emails you may receive can take on various forms however they usually impersonate a common Amazon dispatch email, which regular customers have encountered many times over. For example, you might receive one confirming a purchase that you didnt make and tries to trick you into clicking on various links that look like contact information to Amazons customer service. These links can then redirect to something looking like the official Amazon login page however, when you try to sign in you will have divulged your credentials to the scammer. Alternatively, by clicking on the link or attachment in the email, you may download a malicious payload to your device that will attempt to download keylogging software that will try to harvest your credentials to any services you use.
Read Also: How Do I Recover Deleted Emails From Gmail
Most Common Phishing Email Examples
If you arent sure how to detect phishing emails, checking out some phishing email examples is definitely recommended. Theres no single template for these emails, but there are some categories which appear again and again.
1. Spear fishing
Spear fishing is a very precise form of phishing, where attackers work hard to include personal details such as the names of colleagues, past purchases, and contact information. By doing so, these emails try to establish a personal connection with the recipient. They tend to be associated with social networks like LinkedIn, where users regularly receive unsolicited emails from recruiters.
Pharming is one of the most devious kinds of phishing attack. In these attacks, phishers actually poison the DNS server of a website and redirect users to the site of their choice. So the links in phishing emails can seem totally accurate, but they can still send users to dangerous sites. This makes it very important to take care when clicking any email links.
3. Simple deception
The classic answer to the question of what is a phishing attack, simple phishing emails are just generic appeals to take a particular action. In the past, they may have told stories about long-lost relatives in distant countries, and sudden inheritances. Nowadays, those stories have less power, and other narratives are employed. So always be skeptical about people contacting you out of the blue.
5. Cloud phishing
Check To See If A Company Is Legitimate
If youre unsure about a financial services company, check the FCA register of regulated companies. If theyre not on it, dont have anything to do with them.
If youre unsure about any other kind of company, you can look them up on Companies House to find out their background, or search for reviews online.
You May Like: Finding Archived Emails
Phishing Email: Your Amazon Account Is Being Suspended
Were going to talk about a phishing campaign that has been using Amazons name and brand. The threat has been detected and blocked by Gatefys email security solution. As it uses the Amazon logo and the same branding, many users may be mistaken. But beware: as we said, this is a phishing scam.
The malicious email starts like this: You are receiving this email because you are an Amazon customer.
Then the email states that, due to a problem involving billing information, your Amazon account has been temporarily suspended. Worse, it will be deleted if you dont access the link in the email and fill in new information within 24 hours.
Right before the Login to my account button, the email also claims that, if you provide incorrect information, your account will be permanently closed.
You May Be Asked To Give Personal Information In An Amazon Scam Email
Amazon is continually warning its customers about false emails. One of the ways to distinguish between real and fake Amazon emails is to know the questions that Amazon will never ask in an email.
Amazon will never ask you to provide information such as your PIN, credit card number, security code, or bank account information. The company doesnt want to know your mothers maiden name or similar information to identify you.
Your favorite food, your pets name, or your dream destination will never be on the list of questions. Amazon will also not ask for your Seller Central account password. When you receive an email that contains these questions, do not hesitate to report spam email.
Also Check: How To Send Video Files Too Big For Email
If You Think Youve Been A Victim Of An Online Scam Or Fraud
Contact Action Fraud if you think youve lost money or been hacked because of an online scam or fraud and youre in England or Wales. You can:
- report online – either sign up for an account or continue as a guest
If youre in Scotland and youve lost money because of an online scam or fraud, report the crime to Police Scotland.
How To Report Phishing Emails
It can be challenging to know the first step to take when you have fallen victim to a scam email. Whether theyre malicious messages or phishing scams, well show you below how to deal with them.
The most crucial first response is to report the scam to the proper authorities or department. You may think turning to the local police is the best solution, but there may not be much that your local department can do to help. How can you report phishing emails?
Related Article: How To Know If Your Email has Been Compromised
One such resource is the Crime Complain Center. If the scam website that targeted you deals with unfair business practices or deceptive marketing , you can send your report to the Federal Trade Commission . You can file a complaint online HERE. You can contact them at 1-877-FTC-HELP, or via regular mail at Federal Trade Commission, CRC-240, Washington, D.C. 20580. Finally, if you suspect that the scam website is based in another country other than the USA, you can check out Econsumer.gov.
The FTC oversees and regulates online scams such as scam emails, computer support scams, and scam websites. They are an excellent resource for anyone dealing with a scam situation. They also investigate other non-tech scams such as check fraud, wire and gift card fraud, student loan scams, and scams based around lotteries, sweepstakes, and other prize situations.
You May Like: Is There A Way To Recover Deleted Gmail Emails
Help Stop Phishers And Spoofers
You can make a difference! Amazon has filed several lawsuits against phishers and spoofers these lawsuits came about from information provided to Amazon through the email address.
Report spoofed emails to Amazon
- Create a new email addressed to and attach the original, spoofed email. Sending the email as an attachment is the best way to preserve the header information, which makes it easier for Amazon to trace the origin of the forgery.
- If you cannot send the forged email as an attachment, forward the email to , and include as much of the header information as you can.
To locate the header information, configure your email program to show All Headers. The headers we need are well labelled and will look similar to this example:
S Of Reporting Phishing Email To The Us Government
- In Outlook Express, you can create a new message and drag and drop the phishing email into the new message. Address the message to and send it.
- In Outlook Express you can also open the email message* and select File> Properties> Details. The email headers will appear. You can copy these as you normally copy text and include it in a new message .
- If you cannot forward the email message, at a minimum, please send the URL of the phishing website.
* If the suspicious mail in question includes a file attachment, it is safer to simply highlight the message and forward it. Some configurations, especially in Windows environments, may allow the execution of arbitrary code upon opening and viewing a malicious email message.
You May Like: How To Find Email In Archive
They Are Poorly Written Emails With An Odd Writing Tone
Poor spelling and grammar should always be the first red flag for any email received, whether from a known or unknown source. Some people are convinced that such errors arise due to an inefficient filtering system however, hackers exploit this technique on the most gullible targets only. The catch here is that if an individual is unable to pick the minor hints at the first stages of the intrusion, then most likely, they wont be able to pick clues during the scammers endgame.
When executing a phishing attack, hackers do not have to monitor inboxes and send tailored responses. To reach a wider audience and lure more victims, they prefer randomly dumping thousands of crafted messages on unsuspecting persons.
Important tip: look for grammatical errors and not spelling mistakes.
In most cases, hackers will use a translation machine or spellchecker when crafting phishing messages. These apps can give the right words with accuracies close to 100, but they do not necessarily arrange the words into the proper context.
For example, the image shown above is a phishing scam imitating windows. Every word is spelled correctly except for various minor grammatical errors that a native English speaker wouldnt make, such as We detected something unusual to use an application. There is also an array of missed words in various sentences such as Please contact Security Communication Center, a malicious user might trying to access, etc.