A very convincing fake Amazon spam mail is making the rounds on the internet that could fool consumers into installing malware on their computers, a cybersecurity expert is warning. Security expert Graham Cluley was alerted by a reader about a spam email pretending to be an Amazon.com order confirmation email, and looks enough like an authentic Amazon email to trick users. The email tricks consumers into thinking that someone has hacked into their Amazon account and is using their credit card to purchase a 16GB iPhone 6.
Unlike most spam emails, which usually have bad spelling and grammar, as well as the wrong font or a complete lack of effort in designing the email template, this spammer has taken the trouble to completely replicate the Amazon order confirmation email template, right down to the Amazon logo, the shading of part of the email and the font typically used.
There are no spelling or grammatical errors, and the only way to spot that the email is fake is by looking at the Amazon product listing, which lists the product as an "Iphone" rather than as an "iPhone", and by seeing that there is no address listed showing where the product will be delivered to.
Considering that all products on Amazon are added by the retail giant, and individual sellers have to use the selling template that has been pre-populated by Amazon, unlike eBay, where users choose their own listing titles and descriptions, it's unlikely that Amazon would spell the name of a popular product like the iPhone 6 wrongly.
Amazon never sends email attachments
Of course, if you look carefully enough, the biggest red herring about this fake spam email is the fact that it comes with a word document attachment – Amazon emails never come with attachments. According to Graham Cluley, the attachment is called amazon_invoice_991773782.doc. If you open this attachment, malware will quietly install itself on your Windows machine and infect your computer.
"Look for clues that the email may not be legitimate. Unexpected attachments are one clue that mischief may be afoot, but also look for information (such as your snail mail address or full name) that would normally be included in the company's emails," Cluley advises in a blog post.
"Furthermore, be wary of clicking on links in unsolicited emails, as they might take you to a phishing page, or a website harbouring malware, rather than the real website."
Amazon tends to be quite on the ball with responding to customer service enquiries, whether you live in countries where call centre support is on offer, or whether you correspond with the website by email.
So if you receive an email like this, it's always a good idea to check in with Amazon first and get them to look at your purchasing history if you're worried, before seeing red. And never open email attachments unless you know who the sender is and usually receive attachments from them.