Last week I was getting caught up on the usual deluge of emails, and one caught my eye.
I’ll admit, at first glance, I almost clicked without thinking.
Take a look:
Sure looks like your typical Amazon receipt email. Everything looks legit at first glance. Of course, I certainly didn’t recall purchasing a new TV, let alone shipping it to someone I don’t know. Perhaps someone gained access to an Amazon account and tried to order something? Odd. I don’t remember ever using my work email address to shop on Amazon?
I was ready to click the Order Status link, but two things caught my eye (other than not having an Amazon account):
- The email spelled “Wednesday” incorrectly. A spelling error on an Amazon receipt? I suppose it’s possible. but not likely.
- The link to the Kindle Store isn’t properly aligned with the other links in that part of the email – which to me looked like perhaps an issue with the CSS or HTML used in the email. Again, possible, but not very probable.
Now that I’m suspicious, I decided to take a look at some of the links in the message, and here’s where it became very obvious very quickly that this email was anything but kosher.
Let’s take a look at some of the links:
Well, that’s interesting. I had no idea Amazon moved from Amazon.com to some random site in the Ukraine?
That being said, if you were unlucky and hovered over one of the links below, you’d find a real link to Amazon, which might convince you that the email was authentic:
The rest of the links on the email pointed to the .ua domain:
By the time I was able to take a deep look at what would have happened if I’d visited this site, it appeared that the compromised site was discovered by someone and taken down. but it’s likely it was hosting some sort of Crimeware or Exploit Kit malware in the hopes of installing itself on unwitting victims. Who knows how successful the campaign was?
A few things to keep in mind for your own safety and peace of mind:
- Never click on links in emails you aren’t expecting. Simply visiting a site now can be enough to compromise your computer if you’re not properly patched or protected.
- Always take a moment to pause and look for telltale signs of a phishing email – if something looks out of place, there’s a good chance something IS out of place.
- The Web sites of small businesses are often targeted by cybercriminals as a means of distributing malware. If you’re a small business owner: ensure your Web host is keeping your Web server up-to-date and properly patched and secured.
- Phishing emails might ask you for information you would normally never have to give.
If you’re just not sure, don’t chance it – open a new tab in your browser and head to the site directly. If there’s something critical your bank or retailer wants you to know, they’ll be sure to alert you in some way. and if all else fails, call them.
Surf safe out there!
Leave a reply