By Lance D. Reedy
I have two clients that I know of that have gotten scammed by phishing emails. Don’t let this happen to you!
I just received this email in my inbox. The footnotes in parenthesis are mine. It looks like this:
From: Amazon.com firstname.lastname@example.org (1)
Subject: Payment details update required 4/11/2019 7:00 PM
To: Undisclosed recipients
Message from Customer Service
We recently failed (2) to validate your payment information, (3a) we hold on record (2) for your Amazon account, (6)
therefore (3b) we need to ask you to complete a brief validation process in order to verify your billing and payment details (3g)
Click here to verify your account (Don’t do this!!!)
Failure to complete the validation process will result in a suspension (4) of your Amazon membership.
We take every step needed to automatically validate our users, (5) (3c)
unfortunately (3d) in this case we were unable to verify your details.
The process will only take a couple of minutes (3e)
Thank you (3f)
How do you know this is a phishing email? Well, there is fraud written all over it.
1) Amazon never sends emails like this. The look is all wrong. Additionally, this email is in a black font only. If you have previously ordered from Amazon, you know that their emails are always multi-colored. As the scammers become more sophisticated, expect to receive multi-colored emails that mimic legitimate ones.
2) Look at footnote #1. The origin of this email is from “email@example.com.” That has nothing to do with Amazon, so you know right off the bat that this email is bogus. A genuine email from Amazon would have a return address of exactly @amazon.com.
3) Look at footnote #2. The language is awkward and stilted. Amazon would NEVER say, “We recently failed…” or “…therefore we hold on record…” No major company would use language such as this.
4) Look at footnotes #3. The punctuation is atrocious. The author could be from Russia, Nigeria, of some other scam-infested country. 3a and c are run-on sentences. 3b, d, and f need a comma. 3e and g need a period. Spell-check likely helped them get their spelling correct, but getting the punctuation up to snuff is another matter.
5) Look at footnote #4. Phishing and scam emails almost invariable attempt to motivate you to action by scaring you with dire consequences if you don’t comply with their request. Think for a moment, why would Amazon want to suspend your account? Really? Total nonsense!
6) Look at footnote #5. “validate our users…” What does that mean? It’s gibberish!
7) Look at footnote #6. The scammer hit “enter” rather than continuing his sentence after the comma. That’s careless. A professional email would not do that.
8) Such emails are also designed to arouse your curiosity. A person’s thought might go like this, “It’s only a tiny little click. Let’s see what’s there.”
Remember the old saying, “Curiosity killed the cat?” Do you want to stick your hand into the mouth of a rattler so see what it will do? If a powerline is downed in a storm, do you want to grab a live wire to see if it’s hot?”
When you get these, study them if you want, but stay away from these “Click/Tap Here” tantalizers.
9) Lastly, you might ask yourself, “How does the sender of this email know that I have an Amazon account? Answer: They most likely don’t. Millions of people shop at Amazon. It’s like carpet bombing. If a scammer sends this email to enough people, he will hit folks with an Amazon account.
You’re welcome to stop reading here.
This second part is for those that would like to dig a little deeper into these phishing emails. When I highlighted and copied the email into my word document, it looked like this:
WDhjM5Se recently failed to valDhjM5Sidate your paDhjM5Syment inforDhjM5Smation, we hDhjM5Sold on record for your AmDhjM5Sazon acDhjM5Scount,
therefore we need to ask you to complete a brief valDhjM5Sidation proceDhjM5Sss in orDhjM5Sder to veDhjM5Srify your billing and paDhjM5Syment deDhjM5Stails
Click here to verify your account
FaiDhjM5Slure to complete the validDhjM5Sation procDhjM5Sess will result in a suspeDhjM5Snsion of your AmDhjM5Sazon memDhjM5Sbership.
We take every step needed to automDhjM5Satically validDhjM5Sate our users,
unfortuDhjM5Snately in this case we were unable to veriDhjM5Sfy your details.
The prDhjM5Socess will only take a couple of minutes
What? Possible Explanation…
I asked my son Isaac if he could help me understand this. First, remember that email and website programming is done in HTML. Isaac opened up the HTML for this email and saw that the scammer had inserted these extra letters, DhjM5S, in the middle of various words. The font size was set to zero, meaning that they are there, but we the readers can’t see them.
Why would someone want to do this? Isaac postulated that this is done to fool spam filters. The gibberish seems to be inserted into words that spam filters might look at. Examples are validate, failure, verify, and payment. The scammer has now spoofed the spam filters, but we don’t see it. Kind of clever, I’d say. End