We’ve discovered a new type of phishing e-mail purporting to be from Amazon.com. Unlike previous phishing e-mails, which tell the receivers that they need to log into their accounts, this e-mail merely shows products for sale. If the user receiving the e-mail is interested in one of these products, or if they simply click through to Amazon via one of the links in the e-mail, they’ll end up on a phishing site. The e-mail contains a selection of products, none of which stand out especially as being high-sales items (such as iPods, mobile phones, computers, etc.).
We weren’t able to see exactly what happens when one clicks on a link in this e-mail, because by the time we got it the site was already down. It’s likely, however, that you’d be prompted to enter your user name and password before going any further.
But the e-mail is very well-crafted, and should a user be interested in one of the products, they would certainly be tempted to click on a link. Since it’s not your usual phishing e-mail which immediately says you need to reactivate your account, it will draw less suspicion.
It looks like you’ll have to be more careful when clicking links on Amazon e-mails – or any e-mail for that matter. You can always see where the link is going by hovering your cursor over a link for a few seconds to see the link’s URL in a tooltip. And you can also check in your browser’s address bar to make sure that the URL is what you think it is.