UKC

Just a heads up - I'm usually pretty savvy at spotting scams, but today I received an email purporting to be from Amazon that almost had me fooled - and everyone else I have shown it too was fooled as well.

Apparently I've ordered a ph meter that will delivered on 24 Dec... If I'm not sure about the order I should click here... Yes it is a scam. Just take care out there, folks.

In reply to Rob Exile Ward:

Thanks for the warning. It's really very easy [certainly for me] to be taken in by phishing and other scams.

In reply to Rob Exile Ward:

what address did it come from?

I use the app on my phone a fair amount now, and often just delete emails from Amazon without reading them as the app notifies me fast when something has been delivered etc. Also, rather than clicking on emails just going to "your account" on their website directly is probably the safest way to do things.

In reply to Rob Exile Ward:

Yes, we had the same email.

In reply to Rob Exile Ward:

There is also some very good scam emails purporting to be from Pay pal and iTunes, same format used, pretending you've bought something and inviting you to click or check your account details.

In reply to Rob Exile Ward:

I got it too, also nearly taken in by it

In reply to Rob Exile Ward:

I suppose the litmus test would be if you clicked on the link.

In reply to Rob Exile Ward:

I've also had a very convincing one that made me look twice regarding amazon prime and an order for a mobile phone case.

In reply to Rob Exile Ward:

It's not an Amazon scam really is it, it's the same email scam that has been around for literally decades.

In reply to Rob Exile Ward:

Surely people KNOW what they've ordered from the likes of Amazon

In reply to FesteringSore:

Thats the point - it suggests to you that maybe it wasn't something you ordered, so you say "oh yes it wasn't, so I will click here to confirm I didn't"

In reply to Yanis Nayu:


And then suffered from acid reflux

In reply to FesteringSore:


In a large family, say, all using the same account, it must be very easy for the "bill payer" to think, wtf what has been order now, and click in haste.

I know couples where one does not know what the order has bought on their cards, and that is genuine purchase!

In reply to Removed User:

I'm not sure of your point, caller. I get a lot of these every day, I have done for years; they are normally easy enough to spot. This one wasn't, it was pretty bl**dy convincing.

I was just giving a heads up for others, and I imagine others will reciprocate in similar circumstances.

In reply to Rob Exile Ward:

Just looked in my spam folder and there is something similiar in there from Argos, containing a zip file, which Yahoo warns me not open.

I wouldn't be surprised if this contains a ransomware virus - one of my colleagues got hit by one of these earlier in the week, fortunately it was possible to recover his data without having to pay up.

In reply to Rob Exile Ward:
A couple of days ago got a new one to me - Netflix and about my account. Though it was corrected addressed, I knew it was spam as I don't have a Netflix account, but on the face of it, it looked otherwise convincing. Usual errors in spelling, etc , were not present, and the underlying from address was not an obscure website or just an
IP address.

Last month got the first of several Amazon emails, not same as yours, but were for account verification; they were obvious though as addressed to Recipients and Dear Account Holder.

In reply to Climbing Pieman:

I had the Netflix one to, very convincing....I had to check on my account to make sure it was a phishing one.

In reply to Rob Exile Ward:
There are a lot about. Amazon, etc are easy targets as many people have those accounts.

I investigated one that had slipped through the AV at work, purportedly from the DVLA notifying about a Congestion Charge fine. I sent a mail out asking that if people had clicked on the link to unplug from the network, and turn off wifi etc. Many people were very angry, stating that if they did that they wouldn't be able to do any work.

Even if you run an AV, malware will get through on occasion. AV is updated every 30 mins or so, which gives a 29 min window of attack, against even the most savvy users or protected systems.

A good way to spot them is to look at the message source. If it was sent from dsl-123.isp.example.com then it probably didn't come from paypal. Also links can be obscured to that it may say paypal.com in the mail, but the actual link is to evil.com.

There are online virus scanners which will check to see if it is a zero day virus. Though even these can take some time to spot a new variant. https://www.virustotal.com/ is a good one.

And yes, Macs do get viri, as do phones. Use an AV. There is no excuse not to, as there are some good ones that are free, such as sophos etc.

If you whine about it slowing down your machine or running down the battery, imagine how much slower things would be if your hard drive became encrypted. The bad guys charge £250 and up, to decrypt it and if you don't pay within a week they delete the decryption keys. Fun, fun, fun. But you've got recent off line backups, right?

Just had an Apple phishing e-mail filtered into my junk e-mail box. The sender address was adequately spoofed and there was no generic salutation (no salutation at all in fact) but hovering over the link in the e-mail showed that it was nothing whatsoever to do with Apple.

The advice to always access your account directly from you browser, if you are in any doubt, rather clicking on the link in the e-mail is sound.

Phishing e-mails seem to proliferate around public holiday periods. Anyone got any idea why? Is it because people have more spare time to idly pootle around in their Inbox and click on random stuff? (Given the number of consumer advice stories which seem to involve people not noticing things going awry because they didn't manage to read, or read adequately, the e-mails that might have alerted them to the fact that something was going awry, I think this may be the case.)

In reply to Rob Exile Ward:

Thanks - yeah my father got taken in by this one. Thankfully he called me before giving any details etc.

In reply to Rob Exile Ward:
I currently use BT Mail and to hover over the address to check it I have to have it in the preview pane. I have always assumed that this is safe - can anyone out there confirm if that is so please?

In reply to keith-ratcliffe:

Pretty sure that's safe and effective. The problem is that it's not so easy to do that on mouseless devices like iPads and iPhones