Just to let you know, two of the reasons are going to be tough without having the real email in front of you. However, these are things you should look for in any email you get. That being said, here's the email.
-advertisement-
From: "Amazon" <xxxxxxxxx>
Subject: We Have an issue with your account
Date: November 17, 2015 at 10:08:28 AM MST
To: xxxxxxxxx
Reply-To: xxxxxxxxx
During our usual security enhancement protocol, We observed multiple login attempt error while login in to your Amazon account .
We have believed that someone other than you is trying to access your account for security reasons,
We have temporarily suspend your account and your access to online Amazon and will be restricted if you fail to update
1. Email addresses
For privacy reasons, we had to redact the email addresses from the image; it appears this email was sent out from a hacked personal account. However, we can tell you that the From and Reply-to addresses were not Amazon addresses. While hackers can trick the "From" to give any name they want, if you hover your mouse cursor over the From name, or click on it, in most email services you'll see the actual address pop up after a few seconds.In this case, the address was clearly a personal address. Even if the address did say "Amazon" in it, though, look for tricks like "amazon.something.com," or "amazon@something.com" where Amazon isn't the actual domain. Legitimate emails from Amazon will only end with "amazon.com".
2. Links
Again, you couldn't tell this from the example above, but the links in the email weren't to Amazon. Instead, the email's links were to a form page on a random server that didn't say Amazon anywhere in the address.If you had gone there, there would likely be a spot to enter your Amazon username and password. Typing it in would have given the hackers access to your Amazon account.
To spot this trick in other emails, hover your mouse cursor over the button or link. You'll see the real link pop up after a few seconds. You could also right-click on the link, copy it and then paste it into a text document to see where it would really send you.
3. Language
The hallmark of most phishing emails is the terrible use of the English language. Even in cases like this where the hackers take the time to get a template of a real Amazon email (although that security logo is an obvious late addition), they still can't seem to write good copy.While a company's official email might have the occasional misspelling or grammar gaffe, a standardized notification email like this should be perfect. Plus, this sentence alone would get any Amazon employee fired: "We have temporarily suspend your account and your access to online Amazon and will be restricted if you fail to update"
4. Instructions
Aside from how the email is constructed, pay close attention to what it asks you to do. It says that there was a security problem with your account and you need to click a button to log in. That's a classic phishing technique.Any responsible company that's sending out an unsolicited security notification will tell you to go to its website home page and log in to your account from there. It might tell you to call customer service with any questions. It won't tell you to click a button or link, or download an attachment.
5. Fine print
Because this template was stolen from a real Amazon email, the fine print at the very bottom doesn't match up with the main body. Specifically, this line stands out: "Please note that product prices and availability are subject to change. Prices and availability were accurate at the time this newsletter was sent; however, they may differ from those you see when you visit Amazon.com." Obviously, this was a deal or product notification email the scammers used, not a security email.So, how many of those problems did you spot? Would this email have fooled you if it showed up in your inbox? Let us know how you did in the comments, and if there was anything else that tipped you off that we didn't cover.
