There’s something ‘phishy’ with that Amazon email
Sophisticated phishing emails aim to trick consumers into giving away their money
Sept. 8, 2021
You didn’t buy a $750 television from Amazon. Then why are you getting an email from the online retailer notifying you of the impending delivery of a big screen, but only if you pay a few hundred dollars first?
You aren’t going to receive a television and you’re not getting a legitimate email. Instead, a scammer is trying to pry your money and personal information from you.
This type of well-designed phishing scam has become more common in recent years, with ne’er-do-wells spoofing retailers, online payment providers, and other companies in fraudulent emails -- as well as phone calls, texts, and social media posts.
Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies.
The Federal Trade Commission notes that often these phishing emails tell a story to trick you into clicking on a link or opening an attachment. They may:
• say they’ve noticed some suspicious activity or log-in attempts
• claim there’s a problem with your account or your payment information
• say you must confirm some personal information
• include a fake invoice
• want you to click on a link to make a payment
• say you’re eligible to register for a government refund
• offer a coupon for free stuff
That was certainly the case in two recent examples reported to the AG’s office. In these cases the consumers reported receiving professional-looking emails claiming they had made large purchases.
The first email informed the consumer that the recent purchase of a $1,250 computer from Amazon was placed successfully. The email contained information on the purchase, such as the consumer’s name and email address. However, the shipping address is for someone else.
The email encourages the recipient to call a number with queries about the purchase. When the consumer made the call, the help center operator instructed the consumer to purchase a gift card and provide the card’s number over the phone.
The second email claims to be from PayPal informing the recipient that a recent $780 smartphone purchase had been authorized from their account.
Though the email does not appear to have the PayPal logo, it includes the consumer’s information and the notification of an expensive purchase. The consumer tells the Iowa Attorney General’s office they did not have a PayPal account, but placed a call to the number listed. The operator informed the caller they would need to send money before a refund could be established.
In both instances, the consumers noticed something "phishy" going on and identified several hallmark of scams in the emails and interactions over the phone.
If you receive what appears to be a phishing email, remember:
Be cautious about opening attachments or clicking on links in emails. Even your friends' or family members’ accounts could be hacked. Files and links can contain malware that can weaken your computer’s security.
The Federal Trade Commission suggests that if you receive an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?
If the answer is “No,” it could be a phishing scam.
If the answer is “Yes,” contact the company using a phone number or website you know is real. Note the information in the email. You should always avoid calling the numbers listed on the questionable email. The FTC cautions that if you do call the number, you’ll likely be connected to a scammer. If you want to call the company that supposedly sent the message, look up their phone number online.
To avoid receiving phishing emails in the future, the AG’s office suggests consumers use filters to reduce spam correspondence.
If you do get a fake email like this, report it to the FTC at ReportFraud.ftc.gov.