Amazon customers are being targeted with phishing emails that inform them of account integrity checks allegedly performed by the company every six months. The bogus notifications are part of an attempt to lure users to a phishing website.
“Every six months Amazon makes integrity checks related to his customers , how they use the account and if the account is still used by the customer. If the customer account is not used for a longer period of time (1 months) it will be disabled of by Amazon Team and then removed in the next two months of inactivity,” the emails read.
After urging recipients to click on a link to allegedly demonstrate that their accounts are still in use, the emails continue:
“The procedures to disable and then delete the account according to the term of use specified in the Terms and Conditions will take place after the link expire. – The verification procedure requires a very short time from the customer. – The generated link above is only active for 24 hours. If during this period the customer does not make verification account will be disabled until further notice.”
Hoax Slayer has analyzed the phishing and points out that the emails are completely bogus. Amazon doesn’t have such integrity checks in place. The links point to a fake Amazon website where users are asked to hand over their information.
The link in the email analyzed by Hoax Slayer leads to a webpage that no longer exists. However, users must be wary of such notifications since the cybercriminals have most likely set up more than one page.
Judging by forum posts, these malicious emails started making the rounds sometime last week. The campaign appears to be aimed at Amazon customers in the Kingdom. The notifications purport to come from Amazon.co.uk and the reports we’ve seen have been posted on the Amazon.co.uk community forum.
Identifying phishing scams is not that difficult. In general, legitimate emails from large companies don’t contain typos. As you can clearly see, this particular email contains a number of spelling errors.
Furthermore, when you’re threatened that your account will be disabled for or other reasons, it usually means you’re dealing with a scam. A legitimate company will never ask you to hand over personal and financial information in response to an email.