“Your Amazon Order Cannot be Shipped” Phishing Scam Email

Outline:
Email purporting to be from Amazon claims that there was a problem processing your order so it cannot be shipped until you click a link to confirm your account.




Brief Analysis:
The email is not from Amazon. The link opens a fraudulent website that tries to trick you into divulging your personal and financial information to criminals.

Example:
Subject: Your Amazon.com order cannot be shipped

Hello,

There was a problem processing your order. You will not be able to access your account or place orders with us until we confirm your information.

click here to confirm your account.

We ask that you not open new accounts as any order you place may be delayed.

For more details, read our Amazon Prime Terms & Conditions.

Sincerely,

Amazon.com.au

© Amazon.com.au, Inc. or its affiliates. All rights reserved. Amazon,
Amazon.com, the Amazon.com logo, Prime and Amazon Prime are trademarks
of Amazon.com, Inc





Detailed Analysis:
According to this email, which purports to be from Amazon, there has been a problem processing your order and therefore the order cannot be shipped. The email claims that you will not be able to access your Amazon account or place any orders until the company has confirmed your information. The message urges you to click a link to confirm your account as requested.

However, the email is not from Amazon and the claim that you must click to confirm your account is a lie. The message is a criminal ruse designed to steal your personal and financial information. The criminals know that, given Amazon’s popularity, at least a few recipients will have recently placed an order with Amazon and may thus be more inclined to click the link in the scam email. And, some recipients who have not placed an order may still click because they mistakenly believe that their account has been compromised or simply because they think an error has been made.

If you do click the link, you will be taken to a fraudulent website that closely resembles the genuine Amazon website. The first page on the fake site asks you to sign in with your Amazon account email address and password. Next, you will be taken to a fake update form as shown in the screenshot below. The form asks you to supply your name, address, and contact details as well as your credit card numbers:

[Screenshot: Fake Amazon Update Form]

After you supply the requested information and hit the “Save and Continue” button, you will be automatically redirected to the genuine Amazon website.

Meanwhile, the criminals can collect the information you supplied and use it to hijack your Amazon account. Once in your account, the criminals can make purchases in your name and possibly harvest more of your personal information. And, since they now have your credit card details, they can also conduct fraudulent credit card transactions in your name. Furthermore, the criminals may be able to use the information they collected to steal your identity.

Amazon customers are regularly targeted in scams like this one. Be wary of any email that claims that you must click a link or open an attached file to update details or fix a supposed account problem. It is always safest to log in to your Amazon account by entering the address into your browser’s address bar or via a trusted app.

Amazon has information about how to report such phishing scams on its website.





Last updated: November 13, 2016
First published: November 13, 2016
By Brett M. Christensen

References
Amazon ‘New Security Feature’ Phishing Scam
Amazon ‘Security Notice’ Phishing Scam Email
Amazon – Report a Phishing or Spoofed E-mail