Contribute
Register

How to spot a credit card phishing email - Fake Amazon Prime email

Status
Not open for further replies.
trs96

trs96

Moderator
Joined
Jul 30, 2012
Messages
25,543
Motherboard
Gigabyte B460M Aorus Pro
CPU
i5-10500
Graphics
RX 570
Mac
  1. MacBook Pro
  2. Mac mini
Mobile Phone
  1. Android
Just got this in my inbox today. I knew it was fake from the subject line since I didn't try to pay for Amazon Prime. The other big clue was that it came to an email address I've never used with Amazon.

Some people that do get this may have just bought AMZ Prime (They send out tens of millions of these every day) some people fall for it.

1. First clue it's fake. They address you as "Dear Customer" instead of using your name.
2. Poor grammar. "The charge for your membership was decline." It should say payment was declined.
3. Huge Update Payment button. Amazon never does anything like this in an email. They'd never have you click an email link to do the update.

Screen Shot 19.jpg

The authors of this email are just trying to get your Credit Card number and then run up charges on it.
If you're still not convinced it's fake, look at the email address of the sender. That is definitely made up.

fixissueuser-paymentmanager@beautyaccories.onmicrosoft.com

Doesn't really look like something Amazon would use for an email to a customer.
Screen Shot 18.jpg
 
Last edited:
Not phishing, but just received a CitiCard statement with 4 instances totaling $2100 of charges from "HBF" in Yakima, WA. ("Hurst Berry Farms?") All bogus; our MasterCard is cancelled and a new one will be issued. Have no idea where this happened... Started around July 1, apparently. Maybe a restaurant copied front & rear of our card and went from there?
 
Mini-ITX 4 (2019) 14.4.1/OC 0.9.9
Z390 I AORUS PRO WIFI |  i9 9900K |  RX 580 Pulse 8GB
Mini-ITX 3 (2018) 10.13.6/OC 0.9.8
Z370N WIFI |  i7 8700 |  GeForce GTX 1050 Ti OC
Mini-ITX 2 (2016) Now Windows 11 Pro 22H2
GA-H170N-WIFI |  i7 6700 |  Radeon Other
Mini-ITX 1 (2014) Gone. Now Windows 10 Pro 22H2
GA-H87N-WIFI |  i7 4770K |  Radeon Other
trs96 said:
Just got this in my inbox today. I knew it was fake from the subject line since I didn't try to pay for Amazon Prime. The other big clue was that it came to an email address I've never used with Amazon.

Some people that do get this may have just bought AMZ Prime (They send out tens of millions of these every day) some people fall for it.

1. First clue it's fake. They address you as "Dear Customer" instead of using your name.
2. Poor grammar. "The charge for your membership was decline." It should say payment was declined.
3. Huge Update Payment button. Amazon never does anything like this in an email. They'd never have you click an email link to do the update.

View attachment 527291
The authors of this email are just trying to get your Credit Card or PayPal payment number and then run up charges on it.
If you're still not convinced it's fake, look at the email address of the sender. That is definitely made up.

fixissueuser-paymentmanager@beautyaccories.onmicrosoft.com

Doesn't really look like something Amazon would use for an email to a customer.
View attachment 527292
Click to expand...
When my bank contacted, I asked them to tell me my date of birth. They claimed they couldn't prove who they were and advised me to phone the number on the back of my card and ask to speak with the fraud department.

It was so tempting to just believe them because, after all, scammers wouldn't do that, would they? But I hung up and dialed the number for my bank. The call was authentic, but I just had to do it since it's stupid to trust someone who calls you and claims to be your bank.
 
trs96 said:
Doesn't really look like something Amazon would use for an email to a customer.
Click to expand...
Yup, easy enough for the trained eye to spot.

According to my text-message spam scam logs over the last month, I should have received multiple packages by now via UDL (I won't hold my breath). Of course, each message had an obfuscated web address to click for further information... :think: :lolno:
 
Here's another fake phishing email. They pretend to be Microsoft and say that someone got into my email acct.

Well, MS would actually have my correct email in the body of the letter, which this didn't. They didn't even have my email in the To: field. It's as phony as a nine dollar bill. It would at least address me by my actual first and last name if it really were from MS.

Screen_Shot_5.jpg
 
trs96 said:
Here's another fake phishing email. They pretend to be Microsoft and say that someone got into my email acct.

Well, MS would actually have my correct email in the body of the letter, which this didn't. They didn't even have my email in the To: field. It's as phony as a nine dollar bill. It would at least address me by my actual first and last name if it really were from MS.

View attachment 538866
Click to expand...
The best way to spot these is to look at the raw message source.

Here is an example of a SPAM email my mail server blocked from LinkedIn (as seen in Thunderbird):

The key fields to look at in the raw source is:

Code: 
From: LinkedIn <[email protected]>
Subject: You appeared in 7 search this week
Code: 
Received: from server5.webhostbd.net (server5.webhostbd.net [23.29.122.170])

First clue it's phishing, Thunderbird only showed us the friendly name "LinkedIn". But in the raw source you can see the real source email address is <[email protected]>.

The second is when you do a whois for the Received from host 23.29.122.170. You'll see the host is on HIVELOCITY's network. Well LinkedIn is owned by Microsoft so why would they be using a third party hosting provider.

The third thing to look at is the links in the message. If the link is shortened like http://goo.gl/GG9FGT and checked on http://checkshorturl.com you'll see in this case the actual URL is http://bizzzup.info/wp-content/plugins/rajce-embed/rnb_p3_5.php?36474211 9220168935701. You should never click that link.

There are other things you can look at, but these two are the most obvious signs.
 
OctoTUF
TUF Z390-PRO GAMING |  i9 9900K |  Vega 64 8GB
KabyLake
GA-Z270X-Ultra Gaming |  i7 7700K |  HD 630
Kaby-Test
ROG STRIX Z270I GAMING |  i7 7700K |  HD 630
Status
Not open for further replies.
Copyright © 2010 - 2024 tonymacx86 LLC
Back
Top