TOP STORY
We have been hearing a lot from people who have been targeted by criminals in India (accents identified as Indian) disguised as customer support from Amazon, saying that there is a problem with your Amazon account. Listen to this recording a TDS reader sent to us claiming to be from Amazon. The artificial voice claims that someone fraudulently purchased a refurbished iPhone 6 on your account and you need to visit the nearest Amazon store to clear this up. (Amazon has about 18 popup stores around the U.S. Good luck finding one!) Or you can call their “fraud detection number” at 855-280-4861 “else we have to block your account.”
Click to listen:
Often, the caller’s ID is spoofed to look like it comes from the real Amazon customer support phone numbers. If you are not sure that a call like this is real or fraudulent, one of the best things to do is to Google the phone number you are asked to call. In this case you would see that there are hundreds of people complaining that the phone number 855-280-4861 is a scam number, such as on RoboKiller.com and 800Notes.com. Normally, that would be the end of this fraud. But cybercriminals are creative and resourceful! During the last couple of weeks we have been hearing from TDS readers who report that these fraudsters are following up with emails to people who have tried to contact Amazon. One woman from the Carolinas received a call after using a help form in her Amazon account but became very suspicious during her conversation with “Amazon customer support.” The caller had an Indian name and accent. She eventually hung up. The next evening this woman received the following email. ALMOST EVERYTHING about this email appears to be legitimate and believable. Can you spot the subtle clues that made the woman suspicious that this may not be what it appears to be?
Often, the caller’s ID is spoofed to look like it comes from the real Amazon customer support phone numbers. If you are not sure that a call like this is real or fraudulent, one of the best things to do is to Google the phone number you are asked to call. In this case you would see that there are hundreds of people complaining that the phone number 855-280-4861 is a scam number, such as on RoboKiller.com and 800Notes.com. Normally, that would be the end of this fraud. But cybercriminals are creative and resourceful! During the last couple of weeks we have been hearing from TDS readers who report that these fraudsters are following up with emails to people who have tried to contact Amazon. One woman from the Carolinas received a call after using a help form in her Amazon account but became very suspicious during her conversation with “Amazon customer support.” The caller had an Indian name and accent. She eventually hung up. The next evening this woman received the following email. ALMOST EVERYTHING about this email appears to be legitimate and believable. Can you spot the subtle clues that made the woman suspicious that this may not be what it appears to be?
The email above appears to have come from the domain Amazon.com. The links in the email point to Amazon.com. Notice that the most prominent link in the center of the email, for the help pages, points to the domain amzn.to. This “amzn.to” is a shortening service that is owned by Amazon. Also, the phone numbers listed in this email are the real and legitimate Amazon phone numbers. So what’s going on here that deserves our attention?
This email contains several grammatical and capitalization errors. The errors made our TDS reader suspicious because she expected the professionals at Amazon to do a better job in any email they might send her. She forwarded the email to us to ask what we thought. Our initial thought was legitimate, although the English errors bothered us. We have confirmed that the phone numbers are real numbers for Amazon. Even RoboKiller.com says that the 206 number is legitimate! HOWEVER, scam callers have spoofed these phone numbers SO MANY TIMES that many people now doubt that they are the real Amazon phone numbers. Even RoboKiller.com is calling the real Amazon 888 phone number a scam number! There are many discussion threads online about this problem, including this post on Tellows.com from Cat on November 13, 2019 at 21:08:33 about the phone number 206-922-0880, found in the above email:
“The number is being spoofed. The criminals just made the caller ID read the real Amazon number. Here’s how I know – this number called my cell phone. I have never given Amazon my cell. My account has my home number. My Amazon Prime account is about to be charged $32. I say that isn’t accurate. They ask, would you like to cancel. I say, sure. They say ok and start asking me questions like, what type of phone do you have? And verify my address. Complete BS folks. I should have known it from them calling my cell – which I never give to places I do business.” [Read the full thread at Tellows.com – a database of phone number profiles created by community members.]
Phone spoofing is now so common that it has poisoned Google’s, and people’s perceptions about the real Amazon phone numbers. Cybercriminals are also able to spoof the FROM email address to look like it comes from the real amazon.com domain. When readers contact us, we always try to do our “due diligence” even when we’re pretty sure that something is legitimate, such as the above email. So we asked several services to check that shortened link in the middle of the email. What happened next surprised us and was completely unexpected! Not one, but two services (CRDF and Sucuri.net) detected malware waiting at the end of that link and a third service (Hybrid Analysis) found the link to be suspicious. Take a look…. (Note: the short amzn.to link in the email points first to a full link at amazon.com and then redirects to the shortened link before redirecting again.)
We have found references online going back to 2012 saying that the domain amzn.to is incorrectly being blacklisted as unsafe, when it is not unsafe. However, like the three services above, we find plenty of links saying that there are other amzn.to links that ARE UNSAFE. Amazon has a SERIOUS credibility problem with their legitimate phone numbers and domain names because of the overwhelming volume of scam calls and malicious emails pretending to be Amazon! To be perfectly honest, we’re not 100% certain that the amzn.to link is indeed malicious. However, given the cleverness of cybercriminals, their access to personal information (such as the woman’s email address) and the volume of scams pretending to be Amazon, our recommendation to the TDS reader was not to click those links and to delete the email.
Hey Jeff Bezos! Can you hear us little folks screaming from way down here below?! In the words of Hugh Masekela, “There’s a whole lot of jivin’ going on.” CYBERCRIMINALS HAVE CREATED A SERIOUS CREDIBILITY PROBLEM FOR AMAZON AND YOU NEED TO FIX IT!
|