Phishing in the Amazon
Spoof email from Amazon was almost convincing.
By Michael Stillman
Phishing has become so widespread these days we generally ignore it. "Phishing" is the process whereby some unscrupulous individual sends you a message, purporting to be from a well-known company, seeking information about you. They may want such things as a social security number, so they can steal your identity, or your credit card number, so they may make some purchases on your behalf. Whatever it is, they entice you to provide the information by pretending the message is from some major company you know and trust.
Examples of the type almost all of us must receive and recognize for what they are, are messages purporting to come from companies like eBay and PayPal, saying there has been suspicious activity in our account, so we must send them identifying information or they will be forced to close that account. Of course, eBay would never send such an email, but they hope a few unknowing souls will believe the message comes from eBay and send them the information they want. Banks are another pretended source for such emails. "Phishermen" will claim to be representing a bank, where suspicious activity on your account requires you to send them account information so they can resolve the problem. It is all a ruse to get that identifying information so they can steal your money.
Of course, I have received many phishing emails supposedly from online bookseller Amazon. It is generally the usual stuff -- there has been some suspicious activity in your account, so we are going to have to cut you off if you don't send us your credit card, bank account and social security numbers, the location of all your valuables, and your mother's maiden name. You know. You've received those. So this one almost caught me for a split second. This one told me that I had received some special coupons for being such a special customer. Well, I'm not that special a customer, but I have made purchases at Amazon, so unlike most phishing expeditions, this one sounded plausible.
Now, as I said, I was only fooled for a split second. That was because I quickly realized that the email account to which this message was sent was not the one I have given Amazon. I quickly realized that this was just a spam sent to millions of email addresses, in the hopes of fooling those recipients who were Amazon customers. In this case, the me at this address was not, so I quickly recovered my senses. However, if this had made its way to the email account I have given Amazon, I could have been fooled, at least for a little longer.
Phishing in the Amazon
After reading a little deeper into the email, it became more and more suspicious. What started out sounding like a coupon for some free merchandise morphed into a "settlement." Settlement of what? Has Amazon legally wronged me? I don't think so. However, the message indicated they had wronged me to the tune of $122.95. That's more than I have spent with Amazon in my life. If Exxon admitted they had wronged me by $122.95, I would have felt shortchanged, but I don't regularly empty my wallet at Amazon. Then came the kicker. They weren't going to give me a discount on future purchases. No, they wanted to send me the money! Sure they did.
So, why couldn't Amazon just credit my account with the money? The email explained that this would "contravene federal law." Huh? The reason this would be illegal is that this was a class action settlement, and if they put the money in my Amazon account, Amazon would illegally benefit from earning interest on that money until I spent it. Therefore, they were forced to rush me the cash right away.
So how about just crediting the money back to my credit card? No, this too would be "illegal." They explained that crediting credit cards is not a legally approved method of settling class action suits. Is that true? I have absolutely no idea, but I guess it sounds authoritative.
What they could do was to directly deposit the funds to my bank account, provided I have a "linked card" with Amazon. I'm not sure what a "linked card" is, or if there is such a thing, but if there is, I am quite sure neither I nor many others have one. Most pay with normal credit cards. But not to worry. If I didn't have a linked card, there was a link I could click which would resolve the issue. That was enough for me. I do not click links in suspicious emails, nor those in many others, for that matter. I did try a cut and paste an address (url) they provided to tell me all about the settlement, but that turned out to be a nonexistent page.
Anyway, this was a new scam, and one that at least started out appearing more believable than most. For those of us who either buy or sell books, the use of Amazon as the supposed source can make it even more believable. Don't be fooled. There is no free lunch, and there is no free Gold Box Coupon. Remember that if "Amazon" emails you one. There is only fraud, and you need to keep up your guard. The sharks are phishing for you.