Larry Osterman's WebLog

Confessions of an Old Fogey
Blog - Title

I get still more spam

I get still more spam

  • Comments 4

This morning I awoke to find the following spam email in my inbox:

Greetings from Amazon Payments.

Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

To confirm your identity with us click here: <LINK REDACTED>

After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.

Thank you for your interest in selling at Amazon.com.

Amazon.com Customer Help Service

In many ways this tickled my fancy.  The first paragraph (“Greetings from Amazon Payments”) indicates that it’s directed to one of the Amazon affiliates and I’m not an Amazon affiliate.  if it was directed to customers, it wouldn’t come from Amazon’s Payments department, instead it would come from some other department (maybe Amazon billing?).

But they immediately discuss “attempts of charges from your credit card” (let’s ignore the fractured English, it’s a phishing email so you sort-of expect crappy English).  If I’m an affiliate, why would Amazon be charging my credit card?

They then go on and indicate that if this isn’t resolved right away they’ll cancel my Amazon account – very scary.  In fact the risk is so severe, they’re going to ask that I provide a second confirmation of my identity.  And Amazon is going to be totally helpful in ensuring that law enforcement is notified of the charges.  How very helpful of them.

 

But what made this email stand out to me is the next to last paragraph.  The one where they say:

“…we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays.”

To paraphrase that fragment: “we figure it’s going to take us at least 3 days to clean out your credit card and get away.  So please don’t bother us before then.”

 

 

 

Somewhat OT: On a more serious note, a friend of the family recently had her email account hacked (we don’t know how it happened but it did).  The criminals who did this then proceed to send fraudulent emails to all the contacts in her address book asking for money.  The good news is that she complained to the Live Mail folks about it and they were able to reclaim the account for her within 24 hours, so hopefully the damage is minimal.  And she’s gone out and changed all her online passwords in case they figured out those passwords while they had access to her email.  Live email also has an excellent “what to do when you think your account’s been stolen” resource which lays out the various options available when this happens.  The local police department also pointed her to the FBI’s Internet Crime Complaint Center, it’s not clear if engaging them will make a difference (especially if the crooks are international) but it’s something.

  • If nothing else, I would consider the "Emailing us before that time will result in delays" sentence a most suspicious thing in that e-mail. How on earth could e-mailing earlier than 72 hours after the "confirmation" delay anything...?

  • Amazon payments is actually a consumer facing service, not just for affiliates, its the equivalent of Paypal, or Google Checkout, it allows smaller web sites to offload payment processing to Amazon's servers and means that as purchaser you don't have to trust the small site with your credit card details as you provide them only to Amazon (who hopefully know more about using/keeping them securely)

    The Phisher probably doesn't know if you have an Amazon Payments account or not, but by targeting high profile sites like Ebay and Amazon they figure that enough recipients will have some connection to the site to pay more attention to the message.

  • Some years ago I got a message from Amazon about a purchase of a $500 gift certificate.  The message was grammatically correct, but poorly designed, and gave me little indication of what was going on or who to contact if I had questions.  I assumed it was a phishing attempt or some other spam.  Fast forward three years when I try to use my Amazon account again, and I found out my account was frozen due to an investigation into this charge.  They won't even let me close the account (since an investigation is "open"), but they'll happily let me open a new one.  I haven't yet taken them up on that offer.  

  • Actually, the way that you sell stuff through Amazon is a bit weird: they give you money, but you also have to pay them a fee, and they deduct that from your bank account rather than just reducing the money that they give you. So, it seems vaguely plausible that someone could use your credit card to pay for their listings, then redirect the income to a different account.

Page 1 of 1 (4 items)