I recently came across the following spam message, spoofing an Amazon.com purchase order:
This is a nicely formatted message. Of course, none of the links go to anything at Amazon; they all point to the same URL, which is located in South Korea. Note that every link points there, even the Help Department and Learn More links. The URL is hosted in IP space in South Korea as well, which is nice for a change because oftentimes the links and the IP space hosting the abusive URLs are spread across multiple countries/regions with multiple jurisdictions.
The tactic behind this, of course, is that the user gets an email in their inbox. There are three cases:
Spoofing is nothing new. It has been around forever. This one is nicely formatted, though it is not the most sophisticated I have seen.
In addition to the landing page downloading malware, it could also be a fake Amazon login page, meant to steal login credentials (so someone can really buy something you didn't order).
It is a very well done note. The odd screw-up about it, which really flags it as bogus to me, is the assortment of inconsistent prices: subtotal 66.99, total before tax 84.99, tax 0, order total 77.99, price 95.99... say what? That mess alone is what should tell even a non-techie that it's not real.
Actually, Barry, one could argue that the assortment of inconsistent prices would further confuse a user, leading them to log in to the page. "What is going on? I need to sort this out!"