It seems scammers are becoming too honest for their own good these days, that’s if this latest Amazon phishing email is anything to go by.
It starts by explaining that your account may have been subject to a phishing attack and even goes on to explain what this means. It then asks you to follow a link to say you’ve forgotten your password – whatever you do, don’t follow this link and certainly do not request or click on the ‘I’ve forgotten my password link’ as the email asks.
The full email
This is an important message from Amazon.com
As a precaution, we’ve reset your Amazon.com password because you may have been subject to a “phishing” scam.
Here’s how phishing works:
A scam artist sends an e-mail, which is designed to look like it came from a reputable company such as a bank, financial institution, or retailer like Amazon.com, but is in fact a forgery. These e-mails direct you to a website that looks remarkably similar to the reputable company’s website, where you are asked to provide account information such as your e-mail address and password. Since that web site is actually controlled by the phisher, they get the information you entered.
Go to amazon.com/phish to read more about ways to protect yourself from phishing.
To regain access to your Amazon customer account:
1. Go to Amazon.com and click the “Your Account” link at the top of our website.
2. Click the link that says “Forgot your password?”
3. Follow the instructions to set a new password for your account.
Please choose a new password and do not use the same password you used with us previously.
Thank you for your interest in Amazon.com
Please note: this e-mail was sent from an address that cannot accept incoming e-mail. To contact us about an unrelated issue, please visit the Help section of our website.
What to do
As with all other scams this one seems honest enough in its wording. If you’re unsure the best course of action is to contact Amazon via phone or email after signing in to the official site. They can confirm whether your account had indeed been attacked, or whether you should just ignore the email.
What Amazon said
The e-mail you received wasn’t from Amazon.co.uk, and we’re investigating the situation. We suggest you never respond to any e-mail message that asks you to provide personal or financial information, open an unsolicited attachment, or navigate to a website linked to in the e-mail.
If you responded to the e-mail or visited a linked website but didn’t provide any personal information (such as your login or password) your Amazon.co.uk account information should be safe.
Have you received such an email before? What did you do to resolve it?