Dave, help! I just got an email that says I’ve purchased a MacBook Pro and that they’ve already charged me half the cost. The number to call if there’s a problem is weird, though, so can you tell me what’s going on? I’m afraid it’s a scam…
There’s no question that accounts get hacked and fraudulent transactions occur online. Every hour of every day. Even with Amazon and even from credit card accounts managed by smart, reputable banks. It’s a fact of life in the modern world and it’s rather a frustrating situation. But more frustrating are scammers who have realized that they can send an email that makes it look like a receipt, warning, or even request for account confirmation and sucker people into responding without having hacked any accounts in the first place.
Why? Because we’re all too darn gullible and trusting. If we get an email from our bank saying something’s wrong and asking us to click on a link, what do we do? Click on that link. If we get a phone call from the local city government or the Internal Revenue Service saying they need to confirm our personal info, what do we do? Share that information with them. It’s all problematic and the very best way to protect yourself isn’t to pretend these messages aren’t making it into your inbox or voicemail, but to make it a habit to investigate and look for warning signs it isn’t legit.
It’s also smart if you get a notification from any institution to log in directly to that Web site (don’t click on a link, type in the company’s site address) and look to see if there’s a confirming message in your account. Odds are there won’t be and you just avoided being scammed.
ANATOMY OF AN AMAZON PAYMENT SCAM
Now, on to your message. This is probably exactly what you received, even down to the same “order number”:
It’s pretty ugly, but as you’ll see, the official messages from Amazon are pretty poorly formatted too, so that’s not necessarily a warning sign. What is problematic is that you didn’t place this darn order and that the format is completely wack. Not only that but Amazon doesn’t allow you to pay for some of a product and have it shipped while awaiting the remaining payment. Look closely and it’s a $1489.87 Apple MacBook you’ve supposedly purchased, of which $898.87 has already been “auto-debited” from your account.
This scam plays on your fear that something’s already happened and that you need to fix it before it’s too late. Except every bank has fraud protection nowadays and if this were legit, they’d back you and reverse the charge. Amazon would too: The company is quite flexible with returns and has a strong anti-fraud department. But if you’re panicking about “I can’t afford $898 for a computer I don’t even want” it’s hard to think about that. I get it.
There are, however, more clues that this is a scam. First off, that order number is just silly. Amazon processes billions of transactions so there’s no way that an order ID would be so short. You’ll see what I mean momentarily. And then there’s that weird phone number +1//877//375//6785. Why the slashes? Because it’s the scammer trying to avoid spam filters that would otherwise axe this message without it ever reaching your inbox.
And then there’s the sender’s email address, which you can see by hovering your cursor over the sent info (in most email programs like Gmail):
This is just lazy. If it were from “orders@amazon.com”, maybe, but “damionumironi292@gmail.com”? C’mon! You shouldn’t have to go any further than that to know with 100% confidence that it’s a scam and you can safely delete and forget.
A REAL AMAZON EMAIL RECEIPT
If you’re curious, here’s what a real email message from Amazon about an order looks like:
As I said, those order numbers are a LOT longer. Note also that it’s from a logical email address: auto-confirm@amazon.com. The formatting is pretty ugly, and the inclusion of clickable links is a bit questionable (if you want to confirm, go to amazon.com, log in, then check on the status of your latest order to be completely safe). But still, not only is there that long, long order number, but it shows up again and again (and what doesn’t show up is the actual cost of the item or items).
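To make those warning signs concrete, here is a small Python checker that looks for them in a raw message. It is an added example, not part of the original article and not an Amazon tool: both sample messages are constructed, the function name is hypothetical, and the 3-7-7 digit order number layout is an assumption about what Amazon's longer order numbers look like.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the scam described above (not the actual message).
SCAM = """\
From: Amazon Orders <damionumironi292@gmail.com>
Subject: Your order is confirmed

Order #: AMZ-48213
Apple MacBook Pro $1489.87, of which $898.87 has been auto-debited.
If you did not place this order call +1//877//375//6785
"""

# Constructed sample shaped like a genuine receipt; the order number is made up.
REAL = """\
From: "Amazon.com" <auto-confirm@amazon.com>
Subject: Your Amazon.com order

Order #111-2223334-5556667
View or manage your order in Your Orders on amazon.com.
"""

ORDER_ID = re.compile(r"\b\d{3}-\d{7}-\d{7}\b")  # assumed Amazon layout
SEP = r"\s*[/\\|*_~]{2,}\s*"                     # doubled or odd separators
ODD_PHONE = re.compile(r"\d{3}" + SEP + r"\d{3}" + SEP + r"\d{4}")

def warning_signs(raw, brand="amazon", brand_domain="amazon.com"):
    """Return the list of scam indicators found in one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signs = []
    claims_brand = brand in (name + msg.get("Subject", "") + body).lower()
    # Exact domain or a true subdomain only; "amazon.com.example.net" fails.
    on_brand = domain == brand_domain or domain.endswith("." + brand_domain)
    if claims_brand and not on_brand:
        signs.append("sender-domain-mismatch")
    if ODD_PHONE.search(body):
        signs.append("obfuscated-phone-number")
    if claims_brand and not ORDER_ID.search(body):
        signs.append("no-valid-order-number")
    if re.search(r"auto-?debited|partial payment", body, re.I):
        signs.append("partial-charge-claim")
    return signs
```

An empty result only means none of these particular signs were found. The From header can be forged, so a matching sender domain is not proof that a message is genuine.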
The long and short of it is that there are a lot of automated systems in place to help protect you from fraud, systems at Amazon, your credit card companies, and your Internet and Email providers, but the ultimate responsibility still rests on your shoulders. Learn to be vigilant, investigate, ask if things make sense, take a deep breath, then think about other ways you could confirm the legitimacy of something without clicking or trusting anything in the email message you just received.
Finally, know that they probably aren’t targeting you specifically, so you’re not on the “shortlist” of some evil hacking organization in some dank basement overseas. You’re just one of millions of email addresses to which these organizations send the exact same message, hoping that just one or two will be duped into calling and sharing personally identifiable information (in this case “what credit card do you usually use for Amazon purchases? Can you confirm the number?”). Remember: Question, investigate, delete, forget about it. Be safe out there!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!
My first reaction when I receive an email like this one is to open my web browser and go to the appropriate website to verify the email for myself. I never click a link in ANY email until I can confirm its authenticity.
If it purports to come from a company/organization I do business or have an account with, I do as above (go to the appropriate website in my browser) to check it out.
If it purports to come from a friend or associate, I contact that individual to confirm they sent the email, including its title, etc.
If I cannot confirm its authenticity, I check my bank account to make sure no fraudulent transaction has occurred. If not, I move the email to the spam folder. If so, I inform my banker about it and ask him/her how to proceed.
My number one rule about email is “Never trust ANY email.” It comes from the Internet, so until you can confirm its authenticity, DO NOT CLICK ANY LINK! I even confirm the authenticity of the newsletters I get. Before I click any link, I hover my mouse over it to see what the URL is. The one for this item is:
https://p.feedblitz.com/t3.asp?/10320/584282/82368_/~feeds.feedblitz.com/~/683388798/0/askdavetaylor~SCAM-Did-I-Just-Buy-A-Computer-From-Amazon-I-Demand-a-Refund/
I see it comes from feedblitz, then further in the URL, I see that it points to “askdavetaylor~SCAM-Did-I-Just-Buy-A-Computer-From-Amazon-I-Demand-a-Refund/” (the title of this item).
Because I see similar information in every link in the email, and they all point to the labeled item through feedblitz, and because I see feedblitz in the links of all my recent Dave Taylor newsletters, I can rest assured that this is most likely a valid newsletter from Dave, so I can safely click the links to the items I want to read.
This is how I handle email messages and it has kept me safe from scammers since I first learned that email scams exist – around the late 1990s. For me this is an element of Cognitive Security (the practices that secure the computer against what is on the other side of the keyboard – me) :). If you don’t already, I suggest you adopt a similar approach to handling emails. It can and may save your bacon someday.
My2Cents,
Ernie