Beware of Email Phishing Scams that Contain Viruses
On Monday, I placed an order with Amazon.com (yes, I know) totaling $26, just enough to take advantage of their free shipping.
This morning, I received the email below. Needless to say, I freaked. I called amazon.com (using that phone number at http://gethuman.com/us/) and, with great difficulty (had trouble with the guy’s accent and he, probably, with mine), managed to report it to them. Then I called the credit card companies that I have used on amazon.com but they said nothing like the charge mentioned in the email below had come through. I also followed up with an “email” to amazon.com through their website.
My husband found that the attachment to the email below contained a virus which Symantec zapped, so we’ll never know what the attachment contained. But I’m pretty freaked out.
Amazon has responded with emails that say the problem’s not at their end. Which is very reassuring, what the hell else would they say. One thing that has me worried is that when I ordered from Amazon in the past, I was able to just click on order and they already had my credit card info, which was fine, I’d established the account…this time, they didn’t seem to have anything so I had to reregister and give them a new password. I also used a different credit card than the one I’d used in the past. That has caused Amazon (the real Amazon) to send me a further email saying they want to verify the credit card number, which sounds terribly suspicious, but the phone number they give me to call is the same one I called this morning and their email gave the name of the person I’d talked to…
Oh, God, I am so upset about all this. My husband says to just not order from Amazon.com any more and just follow up with the credit card companies again in a couple of days.
But if anyone has had any problems like this, or has any clue what might have caused this, please advise. One of our friends said that bellsouth.net is not very secure. Do any of you have any idea about this? We’d always thought bellsouth.net was okay. But the fact that they sent the email to “firstname.lastname@example.org”, which isn’t even remotely our email address, seems to support that it might be a bellsouth.net server problem, which Gary had also been thinking might be what’s going on. Any ideas or experiences with this in the past?
PHISHING SCAM EMAIL: Dear Customer,
Thank you for ordering from our internet shop. If you paid with a credit card, the charge on your statement will be from name of our shop.
This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.
Subtotal : 2,449.99
Shipping : 32.88
TOTAL : 2,482.87
Your Order Summary located in the attachment file ( self-extracting archive with “37679041.pdf” file ).
PDF (Portable Document Format) files are created by Adobe Acrobat software and can be viewed with Adobe Acrobat Reader.
If you do not already have this viewer configured on a local drive, you may download it for free from Adobe’s Web site.
We will ship your order from the warehouse nearest to you that has your items in stock (NY, TN, UT & CA). We strive to ship all orders the same day, but please allow 24hrs for processing.
You will receive another email with tracking information soon.
We hope you enjoy your order! Thank you for shopping with us!
I am sorry to hear of the confusion and hysteria caused by these spammers. That is absolutely a fake email to you and it’s not from Amazon. If the attachment was a virus then they were going to put spyware or key loggers on your computer to trace passwords as you type. I get these types of emails about 30 times a day some of them look so real because they come from Citibank, Buy.com, Amazon, Paypal, and Ebay. it is just pure coincidence that this happened because the spammers just happened to send them out. Some email is not secure though and the spammers can read them (from what I hear) and send you an email similar to products or companies you have ordered before to trick you to click on some URL to give them a password/credit card.
I hope this doesn’t turn you away from ordering online because it is very safe normally. I do get coupons sent to my email and I verify they are from the real source but it is normally easy to tell it is just sometimes they fool you.
I think the real Amazon order emails come from email@example.com.
FOLLOW-UP TO PHISHING SCAM
I was looking in my spam mail and I came across this same phishing scam. Almost the same email but it came from Wal-mart.com instead of Amazon. I have never ordered anything off Wal-Mart but I do own a Sony Vaio computer which is probably just coincidence. You can tell it’s a fake email because of the wording but I hope you did not download the .zip file that was attached before it told you it had a virus. There would be no reason Amazon or Wal-Mart would send anyone a .pdf or .zip attachment. I would only trust attachments from family/friends and still be skeptical if the email looks like a spammer posing as your friend.