Phishing in the Amazon

- by Michael Stillman

Spoof email from Amazon was almost convincing.



Phishing has become so widespread these days we generally ignore it. "Phishing" is the process whereby some unscrupulous individual sends you a message, purporting to be from a well-known company, seeking information about you. They may want such things as a social security number, so they can steal your identity, or your credit card number, so they may make some purchases on your behalf. Whatever it is, they entice you to provide the information by pretending the message is from some major company you know and trust.

Examples that almost all of us receive, and recognize for what they are, are messages purporting to come from companies like eBay and PayPal, saying there has been suspicious activity in our account, so we must send them identifying information or they will be forced to close that account. Of course, eBay would never send such an email, but the senders hope a few unknowing souls will believe the message comes from eBay and send them the information they want. Banks are another pretended source for such emails. "Phishermen" will claim to represent a bank, saying that suspicious activity on your account requires you to send them account information so they can resolve the problem. It is all a ruse to get that identifying information so they can steal your money.

Of course, I have received many phishing emails supposedly from online bookseller Amazon. It is generally the usual stuff -- there has been some suspicious activity in your account, so we are going to have to cut you off if you don't send us your credit card, bank account and social security numbers, the location of all your valuables, and your mother's maiden name. You know. You've received those. So this one almost caught me for a split second. This one told me that I had received some special coupons for being such a special customer. Well, I'm not that special a customer, but I have made purchases at Amazon, so unlike most phishing expeditions, this one sounded plausible.

Now, as I said, I was only fooled for a split second. That was because I quickly realized that the email account to which this message was sent was not the one I have given Amazon. I quickly realized that this was just spam sent to millions of email addresses, in the hopes of fooling those recipients who were Amazon customers. In this case, the me at this address was not, so I quickly recovered my senses. However, if this had made its way to the email account I have given Amazon, I could have been fooled, at least for a little longer.