Amazon order almost complete says fake email

Amazon order almost complete says fake email

Amazon phishing emails have been rare over the last 6 months. So of course we have received several in the last week. Buses come in threes; the same must apply to Amazon phishing campaigns. This campaign aims at stealing credit card details. The email is realistic. The links in the email are not. All five links lead to a phishing site.

As mentioned in previous posts, cyber criminals sometimes use genuine links in phishing emails. The purpose of the genuine links is to make the email look authentic. This email does not mix genuine links with malicious links. Instead it relies on a realistic look and feel. It is a fake email and can be deleted. We remind people that you should never click on a link in an email unless you are certain it is genuine.

Figure A is the email in question. The Amazon logo headlines the email. The subject of the email is “<recipient first name> – Your Order is almost complete”. The email greeting is “Hello, <recipient name>”. It is concerning that the criminals have been able to extract the recipient’s name and use it in the greeting. We suspect this was obtained via a previous attack. The sender of the email is “”. The email domain is not the Amazon domain.

The reason for the email is ostensibly to complete an Amazon order. It is a ruse. The idea behind the email is to trick the recipient into clicking on a link to find out how they came to order the item. The phishing site then provides a means to cancel the order, but you need to provide credit card details to do so.

MailShark Amazon order almost complete says fake email
Figure A – Click to Enlarge

The links give this email away. The links lead to the same malicious site. This site steals credit cards details for fraudulent use. Do not click on any of the links in this email. Delete it.

Scott Reeves
Free anti-spam service
Free email filter service

Share This Post

Post Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.