Never trust an official email that's full of typos

Dec 5, 2011 19:31 GMT

Emails alerting recipients that their Amazon online accounts are about to be deactivated turn out to be part of a cleverly designed phishing campaign aimed at stealing users' credentials.

The message provided by Graham Cluley reads:

Dear customer,

Your online account is about to expire and will be deactivated. Please confirm wether you want to continue using Amazon or not. If the answer is yes, download and complete the attached form. If the answer is no, please ignore this e-mail.

Best wishes,
Amazon Team

Note - Do not reply to this e-mail.

The message comes with an HTML attachment containing a form that asks the user for loads of sensitive information, which will allow a hacker to steal the account.

Sophos detected the attached file as Troj/Phish-AZ, which means that a good antivirus solution can keep you safe even if you believe the warning to be true.

I will take this opportunity to remind you how to avoid phishing campaigns and how to identify malicious emails.

First of all, legitimate emails rarely come with attachments, especially .zip or HTML files. Unfortunately, cybercrooks have devised ways of hiding their malicious files even in PDF or Windows Help files, so treat everything with suspicion.

While the sender’s email address can be easily spoofed to resemble a legitimate address, website URLs are much harder to fake. If the message contains a link that should point to Amazon, PayPal or any other similar site, be careful to check the precise name. Amazon.com is not the same as Amason.com.

Finally, check for spelling errors. In the above example you’ll notice that the cybercriminals misspelled the word “whether”, a typo that would most certainly not appear in a legitimate email coming from a company.
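The first two checks above (risky attachment types and lookalike link domains) can be automated when triaging a reported message. The Python below is an added example, not part of the original article; the brand list, the distance threshold of 2 and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

BRANDS = ("amazon.com", "paypal.com")   # assumed list of domains worth protecting
RISKY_EXTS = (".zip", ".html", ".htm")  # attachment types the article singles out

SAMPLE = '''From: Amazon Team <account@amazon.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please confirm wether you want to continue using Amazon or not.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<form action="http://www.amason.com/confirm" method="post"></form>
--b1--
'''  # constructed message, modelled on the email quoted above

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains such as amason.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw):
    """Return (check, detail) findings for one raw RFC 822 message."""
    findings, bodies = [], []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTS):
            findings.append(("attachment", name))
        bodies.append((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    for url in re.findall(r"https?://[^\s\"'<>]+", "\n".join(bodies)):
        # Compare the last two host labels only (ignores suffixes like co.uk).
        dom = ".".join((urlparse(url).hostname or "").lower().split(".")[-2:])
        for brand in BRANDS:
            if dom != brand and edit_distance(dom, brand) <= 2:
                findings.append(("lookalike", f"{dom} ~ {brand}"))
    return findings
```

Calling `triage(SAMPLE)` flags both the HTML attachment and the near-miss domain, while a link to the genuine domain produces no finding.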