The email above landed in my inbox this morning. It’s phony. I don’t know how it got through the junk mail filter. We are required to be paranoid these days! It’s sad. Let me give you some tips for staying safe out there.
The message purports to be from Amazon. It’s got the look and feel of Amazon’s emails. If you look at it closely, there are a few errors that might draw your attention – notice the capitalization of “We”, the failure to capitalize “amazon”, and the lack of a closing period in these sentences:
“We’d like to let you know that We need to confirm your account information, you must confirm your amazon account before we close it. Click the link below to confirm your account information using our secure server”
Let’s face it, though, most of us go through email quickly and we’re not good proofreaders. It would be easy to click the button.
If you click the button, you’re taken to a poisoned website that looks like this:
That’s an exact copy of Amazon’s login page. I don’t see any errors.
If you put in your Amazon credentials, you will have given access to your Amazon account – including the saved credit card – to bad guys. They’d still have to do some work to harm you; Amazon requires credit card information to be re-entered from scratch before shipping to a new address, for example. But the hackers may have access to other sources of information about you from other leaks and just as an overall life goal, you probably don’t want North Korean hackers to log into your Amazon account.
This example appears to be from Amazon. But the next message might appear to be from Microsoft, from a bank, from UPS, from the IRS, or from your neighbor. None of that matters. The only purpose is to get you to lower your guard and click on a link to a poisoned web site that will try to install malware on your computer or get you to give up passwords or credit card details.
The Rules For Computer Safety are unambiguous: Don’t click on links to web sites unless you know exactly where you’re going. If you have any question in your mind about the legitimacy of a message, just don’t click.
If you’re not sure (and I don’t blame you, the messages can look very convincing), here’s one way to avoid a trap.
When you hover over a link in Outlook or Internet Explorer, a small window pops up to show you where the link really goes. If the real link doesn’t match the sender or doesn’t match what you expect, assume it is poisoned and don’t click it.
The button in the email message above looks like this if you hover over it.
That’s a shortened link. There are many services that take long links and turn them into shortened versions that are easier to type and take up less space. The best known is Bitly, but there are many others. The side effect is that it makes it impossible to tell where the links lead. X.co, the service used in the Amazon scam email, is run by GoDaddy – completely legitimate service, free, no login required.
Legitimate links to big companies ought to have the domain name of the company in the link. An Amazon email should have a link to something with amazon.com in the name. Companies don’t use shortened links on their websites or in their email messages. A link in an Amazon message to anything other than Amazon.com is a red flag.
If you click on the button in the email and get to the phony Amazon login screen, it’s more obvious. Hover over the Sign In button and this is the link shown in the popup – at the bottom of the Internet Explorer screenshot above.
If you remember to look, then it’s obvious that “Amrzona.ml” is not going where you expect.
I’ll be updating the Rules For Computer Safety soon. It’s a collection of rules that amounts to a single theme: it requires constant paranoia to be safe online today. You can’t depend on protection for antivirus software or web filters or anything else. Those might be useful, but your protection comes from your paranoia and your common sense. Go slowly, look at links before you click, and be careful out there!