Saturday, December 21, 2013

Amazon apparently the subject of a phishing scam

I don’t know whether this has any relation to the Target leak, but Friday afternoon I received an email in my AOL inbox purporting to be from Amazon, with details about an order Dec. 9 in an attachment, which was a zip file.
  
I examined the email on an old computer that I do not use for any other purposes now.  The sender address, when looked at by passing the cursor, really did appear to come from Amazon.  I went to my Amazon account and found the date of my most recent order to be Dec. 8.
   
I forwarded the email to “stop-spoofing” at amazon, and got back a response that “in all likelihood, this email did not come from us”.

Most phishing attacks show a real sender available to the mouse cursor.  This one did not.  It still pointed to Amazon. 
  
I also got a phishing email from a business associate of the eldercare lawyer I had worked with a few years go.  It asked for a loan for a kidney transplant.  This was an obvious "emergency scam" and it showed a sender email address of a different email under the cover.  But this is the first time I have seen law firms targeted to be made to look like the sender in a phishing attack.  
  
Any explanations?

I also get phishing emails for credit cards I don't have, with attachments -- a bad sign?

No comments: