Fake "Amazon.com - Your Cancellation" email

Mythbuster

Post by Mythbuster »

I just received this email, supposedly from Amazon.com:

From: order-update@amazon.com
Subject: Amazon.com - Your Cancellation (743-1556239-4894434)

Dear Customer,

Your order has been successfully canceled. For your reference, here's a summary of your order:

You just canceled order #743-1556239-4894434 placed on November 13, 2010.

Status: CANCELED

_____________________________________________________________________

Order #743-1556239-4894434 details

Sold by: Amazon.com, LLC

_____________________________________________________________________

Because you only pay for items when we ship them to you, you won't be charged for any items that you cancel.

Thank you for visiting Amazon.com!

---------------------------------------------------------------------
Amazon.com
Earth's Biggest Selection
http://www.amazon.com
---------------------------------------------------------------------
First of all, I didn't order anything from Amazon. Second, the email said I "just" cancelled the order at 3:02 AM on 11/13/2010; however, I received it at 6:02 pm CST on 11/12/2010. (Nine time zones ahead of CST would mean that this email was probably sent right from the middle of ... Scamland.)

What you don't see in this copy is that when you hover your cursor over Order #743-1556239-4894434 details, the actual website is revealed: http://rxchangedirect.net, which is purported to be an "attack" website.

Didn't have to look very far in Google to find that this is just a variation of a phishing scam that has been around for a few years: https://www.viclovan.com/downloads-and- ... %9D-e-mail and http://www.millersmiles.co.uk/report/21019.

According to http://blog.onlymyemail.com/amazon-com- ... aud-email/, "Of course the sender From address is spoofed, this is not a legitimate Amazon communication, and the Reference number is randomly generated in order to evade spam filters that might look for identical subject line contents."

" ... the words “Order Details” are hyperlinked to any number of various attack sites used to download malicious code and/or to capture personal information, passwords and other financial details."
JamesVincent
A Councilor of the Kabosh
Posts: 3096
Joined: Sat Oct 23, 2010 7:01 am
Location: Wherever my truck goes.

Re: Fake "Amazon.com - Your Cancellation" email

Post by JamesVincent »

I got a few of these from Tower Federal Credit Union, which I am not a member of. Same basic page design, same kind of address and same kind of embedded link to something else.
Disciple of the cross and champion in suffering
Immerse yourself into the kingdom of redemption
Pardon your mind through the chains of the divine
Make way, the shepherd of fire

Avenged Sevenfold "Shepherd of Fire"
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: Fake "Amazon.com - Your Cancellation" email

Post by fortinbras »

A variant is a bogus "alert" pretending to be from Paypal. So far, I have received two kinds:

(1) This is to notify me that Paypal has just been authorized to pay for some internet purchase of something I would never want/use (a deer hunter's blind) and to be delivered at some address far from me. If I had any second thoughts about making this purchase I could cancel by replying to the (bogus) Paypal link and providing all my Paypal passwords.

(2) Just to double-check if I had authorized someone entirely unheard of (with a ridiculous and unhelpful internet name) to make purchases using my Paypal, and if I had any second thought about this ..., etc.

{I do not have a Paypal account}
lyfbond

Re: Fake "Amazon.com - Your Cancellation" email

Post by lyfbond »

Mythbuster wrote: I just received this email, supposedly from Amazon.com:

From: order-update@amazon.com
Subject: Amazon.com - Your Cancellation (743-1556239-4894434)
How can this scenario be explained when the email really came from "amazon.com"?
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: Fake "Amazon.com - Your Cancellation" email

Post by fortinbras »

Some years ago I repeatedly received spoofs, allegedly from eBay, supposedly confirming that I had just ordered a portable deer hunter's blind for something like $400, but if I had changed my mind, click on Reply and, of course, provide my account information to cancel the order.
The reply email address, not readily visible, was, of course, not eBay.

For years, I have received emails that my Pay Pal account is going to be closed or something, unless I reply immediately. I haven't used Pay Pal in about 8 years, that was 3 credit cards ago.
Thule
Tragedian of Sovereign Mythology
Posts: 695
Joined: Mon Nov 10, 2008 6:57 am
Location: 71 degrees north

Re: Fake "Amazon.com - Your Cancellation" email

Post by Thule »

lyfbond wrote: How can this scenario be explained when the email really came from "amazon.com"?
It didn't. Camouflaging senders to make it look legit is easy.
Survivor of the Dark Agenda Whistleblower Award, August 2012.
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: Fake "Amazon.com - Your Cancellation" email

Post by fortinbras »

I am reviving this thread because it's the closest to the situation that just presented itself to me.

I have received an email, purporting to be from PAYPAL (but my Hotmail service shows that the source email address is Not), telling me that my PayPal account has just gotten an order to pay $39 for a Skype account and if this is not an authorized expenditure I must immediately get in touch with PayPal - via the link provided in this same email (which is NOT a PayPal mailing link, natch) - to dispute it. No doubt if I use that link, they will then ask me for details on my PayPal account, ostensibly to undo the Skype order.

I do not have a PayPal account, I have not used PayPal for anything for at least 6 years, so the last credit card that the real PayPal saw from me is already expired.

Since this just happened to me, perhaps you are going to get a similar email soon.

By the way, very recently I have gotten a slew of You Won This Internet Lottery messages (some are lotteries, some are inheritances or Michael Anthony - remember him? - type gifts).
notorial dissent
A Balthazar of Quatloosian Truth
Posts: 13806
Joined: Mon Jul 04, 2005 7:17 pm

Re: Fake "Amazon.com - Your Cancellation" email

Post by notorial dissent »

Some variation of this in either EBAY or PAYPAL format has gotten to be a very common and likely profitable scam since so many people use one or both services, and don't think when they see a message like that.

The thing is, that if it is a legit message from either it will come in the name of the userid you signed up with, never "Dear Customer" or the like.

I think I have gotten like 1 EBAY for every 10 PAYPAL scam messages I have gotten. Simplest solution, forward it to the EBAY spoof account, and they will deal with it. They get really cranky with anyone attempting to use their name for anything.
The fact that you sincerely and wholeheartedly believe that the “Law of Gravity” is unconstitutional and a violation of your sovereign rights, does not absolve you of adherence to it.
LaVidaRoja
Basileus Quatlooseus
Posts: 845
Joined: Mon Sep 01, 2008 12:19 am
Location: The Land of Enchantment

Re: Fake "Amazon.com - Your Cancellation" email

Post by LaVidaRoja »

I had a PayPal one yesterday. I do not have a PayPal account, so I just deleted it. Does PayPal have a link to send scams to? (I didn't think to check)
Little boys who tell lies grow up to be weathermen.
notorial dissent
A Balthazar of Quatloosian Truth
Posts: 13806
Joined: Mon Jul 04, 2005 7:17 pm

Re: Fake "Amazon.com - Your Cancellation" email

Post by notorial dissent »

Anything having to do with either Ebay or Paypal, send to spoof@ebay.com as they handle it for both of them.
The fact that you sincerely and wholeheartedly believe that the “Law of Gravity” is unconstitutional and a violation of your sovereign rights, does not absolve you of adherence to it.