Los Angeles Area Police Try To Defend Mass Surveillance With Auto License Plate Readers
Questions About The Target Data Breach And How Hackers Broke In

How To Recognize Shopping Email Scams

The scam artists and fraudsters seem to be getting bolder. Recently, I have received several bogus e-mail messages claiming that I am being evicted from my residence. Both messages include .ZIP file attachments, which probably include malware that either takes over my computer (e.g., "ransomware") or installs spyware to steal banking passwords.

The first spam message:

"From: "Amazon.com" (messagerusg@amazonseoeni.com)
To: (recipient 1), (recipient 2), (recipient 3), (recipient 4), (recipient 5), (recipient 6), (recipient 7), (recipient 8), (recipient 9), (recipient 10)
Subject: Your order report id 638
Date: Feb 3, 2014 12:26 PM

Good morning,

Thank you for your order. We’ll let you know once your item(s) have dispatched.You can view the status of your order or make changes to it by visiting Your Orders on Amazon.com

ORDER DETAILS

Order CZ6775413 Placed on December 12, 2013

Order details and invoice in attached file.

Need to make changes to your order? Visit our Help page for more information and video guides. We hope to see you again soon.

Amazon.com"

The scammers tried really heard and included some HTML formatting with the Amazon.com logo. I stripped off the HTML. The tried again a few minutes later with a second spam message:

"From: "Amazon.com" (messageni@amazonsemiye.com)
To: (recipient 1), (recipient 2), (recipient 3), (recipient 4), (recipient 5), (recipient 6), (recipient 7), (recipient 8), (recipient 9), (recipient 10)
Subject: Your order report id 877
Date: Feb 3, 2014 12:30 PM

Good morning,

Thank you for your order. We’ll let you know once your item(s) have dispatched.You can view the status of your order or make changes to it by visiting Your Orders on Amazon.com

ORDER DETAILS

Order MR4863706 Placed on December 13, 2013

Order details and invoice in attached file.

Need to make changes to your order? Visit our Help page for more information and video guides. We hope to see you again soon.

Amazon.com"

Of course, I did not open the attached .ZIP file. Doing so would have been dumb. Of course, I notified my Internet Service Provider that both messages were spam. How I recognized these e-mail messages as scams:

  1. The sender doesn't know my name.
  2. Both messages included ten (10) recipients, with e-mail addresses in alpha order. The real Amazon.com doesn't do this.
  3. The order number in the e-mail subject line does not match the order number listed in the message text.
  4. Both e-mail confirmations are about five weeks after the supposed order date. The real Amazon.com is not this slow. Not even close.
  5. The text in both messages tries to get the recipients to open the attachments. I never open attachments from strangers. Never. Nor should you.
  6. The only people that send .ZIP files to me are my consulting clients, and in those cases they notify me beforehand. Experienced, security-conscious Internet users do this and ask if it is okay to send .ZIP files.
  7. While Amazon.com is a real online shopping website, neither return e-mail address is the retailer's real e-mail address. Both have a few additional letters in the server name.

Don't be tricked by spam. Learn to spot it.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.