FAQ - Identity Thieves Using The Amazon.com Name to Harvest Credit Info


I received this email today from Amazon.com. It looks like a con job to me. Is it?


Dear Amazon.com member,

This email is being sent to you because Amazon.com need to remind you that it has become necessary for you to update your account information on our website. This has become necessary because of the fact that we have installed a new security system onto our website for your added protection.

We are offering a 7% discount on anything you buy from Amazon.com if you update your information within the next 10 business days. For the first 1000 users to update their account we have a special discount just for you. We are offering a 25% discount off of anything that you purchase for the next month after you have updated your account information.

So if you want this discount update your account information today! Just click on the link below and it will take you to our website where you will just need to follow the directions on the page. If nothing happens when you click on the link, copy and paste the link into the address bar of your web browser.


*** IMPORTANT! ***
Do NOT send credit card information through email! Send your updated information only through our website!

DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated program and the reply will not be received.

Thanks for your time,
Amazon.com WebSecurity Team


I am highly suspicious of this email and you should be also for the following reasons.

  1. Think about it. Amazon.com does not need to spam people about updating their credit card account information. When you make a purchase, ALL websites, always ask you to either correct or update your information on the secure site when you check out. There is no need for Amazon.com or any other online company to get that information ahead of time.

  2. The real URL of Amazon.com is: http://www.amazon.com. Go there and navigate to the correct areas.

    The Phish site uses part of the amazon.com name in the URL to 'calm your fears'. If you look at it closely you will see that it is redirected to a PHISH site.
    The amazon.com is followed by a : (garbage prefix) : @ (IP Address) http://www.amazon.com: fvthsgbljhfcs83infoupdate@
    Note: In a URL everything between the http:// and the @ sign are ignored. The actual site is the IP address following the @ sign.

  3. The senders are practicing Social Engineering: http://help.isu.edu/disppage.php?doc_id=788&sec_id=40 - What is social engineering?

    To gain your trust, these guys even warn you not to send personal information via email.

  4. Look at the header IP of the sender. In this case it said, received from, but the email content wanted you to log into a website at, neither of which matches the real IP for Amazon.com which starts with a 207.

    Do your own investigation of IP's and origins. IP addresses are registered. http://www.bankes.com/nslookup.htm - Multiple DNS Lookup Engine

  5. The carrot? Discounts if you act RIGHT NOW!

  6. The club? You lose your confidential credit information to con artists and identity thieves.

If you receive this type of fradulent email, report it to Amazon.com via their Help Stop Deceptive E-mail Forgery ("Spoofing") email address: stop-spoofing@amazon.com.

To view what Amazon.com is doing about this problem visit their site: http://www.amazon.com/exec/obidos/tg/browse/-/4060771/ref=br_bx_c_2_1/104-5781781-3128741

By the way, Amazon.com is just one of many trusted companies being abused in this manner. Crooks use any and all means to separate you from your money.

Did this document solve or help you with your problem?

Yes   No  

Category: Viruses and Security     Platform: Not Applicable
Document #: 789     Author: Cynthia Senicka    
Last Modified by: Joshua Moor on 06/04/2008