Hackers love sending fake emails with logos and formats that look real from the biggest brands—such as Amazon and Amazon Prime—because there's a good chance you are a customer of that brand.
That increases the odds you will fall for their phishing attempts.
We are seeing fake Amazon gift card emails, fake Amazon Prime emails, and fake Amazon baby registry emails. A hot one right now is the fake Amazon package tracking email.
This one hit a relative's email inbox over the weekend:
The answer was no, and this email that looks like it came from Amazon is a fake.
At first glance (which is all hackers want us to take), this email passes as a legitimate Amazon package tracking email. Instead, it is a spoofed email. Here are the top ways to detect if a message is really from Amazon.
Fake Amazon email tip #1 from cybersecurity experts
Check the "from" line to see who sent the email. In this case, the Amazon email spoofers were either too lazy or too dumb to change it. Clearly, the email is not even from Amazon but another random website address.
However, be aware, if you get an email with a "from" line that says Amazon.com, that is not enough information to know if it's a legitimate Amazon email. So keep going.
Amazon emails will typically address you by name and include your shipping address. This email does neither of those things. Those are warning signs.
Look for typos, misspellings, and phrases that don't seem to make sense.
Look at the delivery date. It says Approximate Arrival: December 19, 18
This is sloppy work; they forgot to type the 20 in 2018. We've seen worse examples, for sure. However, this gives you an idea of what to look for in your hunt for clues.
Hover over buttons, product ads, and blue hyperlinked text to see where they will take you. Do not click these links; simply hover over them. In this spoofed Amazon email we found the following. The "Track your package" link takes us to a random website claiming to be "mrcosmetic-dot-com":
The ad on the bottom left of the email takes us to "bitnus-dot-com":
The link connected to the product on the right takes us to "getcarbonblack-dot-com:"
And lastly, the link at the bottom on "tax and seller information," which fraudsters put in there to add legitimacy, takes us not to Amazon but instead to "snfcahps-dot-org":
We did not test where these web addresses take us because even if it is only an advertisement-type website trying to get us to invest or buy something, there's a good chance the site is infected with other hacking-related attacks, viruses, or malware that will load secretly onto a computer or device. So resist the temptation to click.
Amazon has posted many warnings about fake versus legitimate emails. Here are the things Amazon says it will never ask you for in an email:
Amazon has a fraud team that tries to block cybercriminals and hackers from using the Amazon name to rip you off. If you receive an email that fails the tests above, then send it to Amazon in the following way:
We hope this will help you evaluate if the message you get from Amazon is real or a fake.