Is that Amazon Order Email for Real?

From Krista Wagner, Chief Communications Officer of Black Line® IT

Amazon was incredibly popular before the pandemic and has reached record highs since in-person shopping has declined. In fact, many Amazon shoppers may not even remember all the orders they placed with the warehouse fulfillment giant. And scammers are counting on just that.

There is a relatively new email scam going on right now where a “bad actor” impersonates Amazon and tries to make a user think they are being charged for a package they did not order. We’re seeing this email pop up more and more lately.

Here’s an except from an email that recently made it to our Black Line® IT CEO. Luckily, he saw the warning signs and didn’t fall victim to their attempts.

How did he spot the email as suspicious?

  • He hovered over the sender’s email address and saw that it didn’t quite match Amazon’s URL.
  • The email greeting was not personalized with his name; it used a generic greeting of ‘Hello User.’
  • There was no link to click to be directed to his account – only a phone number. He thought about how Amazon generally operates, and it’s not by using live people over a phone. Jody quickly realized any person on the other end of a phone line would be phishing for private information that he didn’t want to provide.  
  • There are other signs if you look closely:
    • The Amazon logo is a little grainy
    • Help-Desk is not generally-accepted grammar in the US

In this day and age, even the best technology can only prevent some of the cyber attacks coming our way. Human education and intervention are absolutely critical to stop these criminals from stealing valuable information like personal information or login credentials.

General rules when deciding if an email is suspicious:

  • Watch for Overly Generic Content and Greetings: Cyber criminals will send a large batch of emails. Look for examples like "Dear valued customer."
  • Examine the Entire from Email Address: The first part of the email address may be legitimate, but the last part might be off by letter or may include a number in the usual domain.
  • Look for Urgency or Demanding Actions: "You've won! Click here to redeem prize," or "We have your browser history pay now or we are telling your boss."
  • Carefully Check All Links: Mouse over the link and see if the destination matches where the email implies you will be taken.
  • Notice Misspellings, Incorrect Grammar, & Odd Phrasing: This might be deliberate attempt to bypass spam filters.
  • Check for Secure Websites: Any webpage where you enter personal information should have a URL with https://. The "s" stands for secure.

If you’re already a valued client of Black Line IT, and you are unsure about the validity of an email, please err on the side of caution and submit a Help Desk ticket so we can investigate. We would always rather you be safe than sorry!

If your business needs resources to prevent or recover from an email phishing attack, Black Line IT can help - we can assess your security levels to ward off this kind of attack, provide Security Essentials training to your team, and implement the right products and services to keep you protected.

If you already work with Black Line IT, reach out to your Account Owner to learn more. Otherwise, begin a chat/contact us at blacklineit.com/contact (M-F, 8-5 central) or call us at 630.388.1700.

Where do you want to go? Black Line IT will help get you there. We’re ready for your mission.

by Mike Milkovic | March 17, 2021 |

Written by Mike Milkovic

Mike Milkovic

Web Developer at Black|Line IT.

Recent Posts