Another phishing email pretending to be from Amazon for customers who have apparently ordered a “Fire TV Print HD at £89.97”. This is a scam trying to make people click on the link which says “Click Here” which takes you to your Amazon account, or so you think.
The Click Here link actually takes you through to one website,
http://www.example.de/images/stories//simpleslideshow/connect.php
Which then redirects you through to a hacked website at,
http://www.hacked-website.com/media/system/js/amazon/ap/signin/5241578b7731d8059db390278df93858/login.php?/ap/signin_encoding=UTF8-URL=https://www.amazon.com
The above two main domain names have been masked for security purposes and the hacked website owner has been contacted.
When a user ends up on the hacked website, they are presented with the usual looking Amazon sign-in page which could easily catch a few users out;
Be aware that phishing attacks like this can take many forms. The from email address in this instance (while this can be easily spoofed) is wrong and it set to a Hotmail address. Likewise, the £ sign in the price is at the wrong end, clearly the phishing attackers have never visited the UK as we have the currency symbol before the numbers. And finally, the most important point, is that the link behind the “Click Here” link is not going to Amazon.co.uk or Amazon.com. And to Amazon, you are more than a “Customer” you have a first and last name which they will always address you with.
Whenever you receive emails like this, you are always best to visit the account directly through your web browser and do not click on any links in the emails. If the email is genuine, you will also have a notification waiting in your account too which you can action from there.
Michael Cropper