This morning, while I was reviewing the messages placed in the message quarantine by Avast Business Cloudcare Anti-spam, I found a message that caught my attention. It had a subject heading that read “Activate your new $50 reward from Amazon.com”, but the from address didn’t match up to messages I’ve received in the past from the amazon.com domain.
The from address looked like this: email@example.com. If you look at the bolded portion of the sender’s email address, you quickly notice that it is not amazon.com. That is a dead giveaway that the message is very likely fake and did not come from where they want you to think it did. The hook here is the first portion of the email address: firstname.lastname@example.org. The aim is to get the recipient to believe that the message is actually from Amazon.
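The check described above, written out as an added example that is not part of the original post: it flags a From header whose display name, local part or domain labels use a brand name while the sending domain is not one of that brand's own. The brand-to-domain map, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand keyword -> domains the brand is expected to send from.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}

# Constructed sample From headers (not taken from the message in this post).
SAMPLES = [
    '"Amazon.com" <amazon.rewards@mailer.example>',
    '"Amazon.com" <promo@amazon.com.rewards.example>',
    '"Amazon.com" <store-news@amazon.com>',
    '"Newsletter" <news@lists.example>',
]


def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_from(header):
    """Return (verdict, reason) for a single From header value."""
    display, addr = parseaddr(header)
    if "@" not in addr:
        return "unparseable", "no address found"
    local, _, domain = addr.rpartition("@")
    for brand, allowed in BRAND_DOMAINS.items():
        if domain_matches(domain, allowed):
            return "domain-match", f"header claims {brand} domain {domain}"
        # The hook: the brand name shows up somewhere the reader looks first,
        # while the part after the last '@' belongs to someone else.
        parts = (("display name", display), ("local part", local),
                 ("domain", domain))
        where = [name for name, value in parts if brand in value.lower()]
        if where:
            return ("suspicious",
                    f"'{brand}' in {', '.join(where)} but domain is {domain}")
    return "unknown", "no protected brand referenced"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_from(sample))
```

A "domain-match" verdict only means the header claims the brand's domain; the From header can be forged, so it is not proof the message is genuine.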
The body of the message looked like this:
I checked to see where the link went – which I don’t recommend anyone try – and it appears that this might be a low-level threat, but I didn’t spend a lot of time checking to see what was going on under the covers while I was at the site. There was a real quick page redirect, and at that point I closed down the session.
I wanted to make everyone aware of this potential email-borne threat. If you receive this message or one like it, toss it in the trash. If you’re an Avast Business Cloudcare Anti-spam subscriber and you find this in your quarantine, it’s definitely junk and you should blacklist the sender.
Addition (2017.12.08 1354): I’m sitting on my favorite chair going through some messages when my suddenly asks me excitedly, “Is this a real message?” She had gotten something very similar to the one shown above, but from a different sending address, so I explained to her how to tell if it’s possibly real or not. The hook really caught and held her attention such that she almost believed it was from Amazon, but at the last minute she got suspicious and asked me.