General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsWarning: Active phishing spam/scam purporting to be from Amazon, FYI
If any of you get one or two emails about your Amazon order having shipped but there's a problem with it or your order money was refunded because of a problem, do NOT click on any links there. Get thee to your browser and go to Amazon.com itself and check it out from there ONLY if you know you have any existing order. Do NOT get to Amazon through those emails ('cause you won't). Since a lot of people order from Amazon from time to time they may not pay attention. I got one that said "Your Amazon Order 23434 has shipped." only to be followed with "Your Amazon Order has been cancelled" or something and another. I wasn't aware I was expecting a package, and to be sure, the URLS went to some place in Europe, and it was not an official message.
p.s.: Phishing is a technique where a company pretends to be another and "phishes" for information, whether it's your credit card, or login creditials or whatever. Whenever in doubt, go to the browser and look up the original site. Never through the email you received unless you're experienced at telling the difference.
Thanks to DavidDvorkin (downthread) for encouraging me to point this out.
Oh, and to add to the URLs comment - the text in the message may say 'Click here to go to Amazon / My Accounts" or something, but if you look up the real destination, it's somewhere in in eastern Europe or something.
Better yet, if you turn off your browser to automatically show inline images, it'll minimize how you can get tracked. If anything else wants to know more, reply and I'll elaborate, but for now, at least don't click the damn links.
DavidDvorkin
(19,489 posts)Tab
(11,093 posts)Thanks
hobbit709
(41,694 posts)The dead give away is always some variation of "Dear Valued Customer"
If you do have an Amazon account they know your name and will address you by it. Same goes for any other people you do business with on line.
Tab
(11,093 posts)I don't have anything in the pipeline right now but my wife might. I was suspicious enough to check this one out, but many will probably just click without realizing it's not the real thing.
hobbit709
(41,694 posts)Last edited Tue Feb 2, 2016, 06:49 PM - Edit history (1)
KamaAina
(78,249 posts)Tab
(11,093 posts)Undoubtable an amalgamation of all.
Saw Phish up close (second row) opening for Santana, and Carlos Santana graciously offered them to have the join Santana on-line.
Grew up on the Dead, so Phish isn't quite the same, but I appreciate them trying to continue the legacy, and Carlos Santana for giving them stage time.
madokie
(51,076 posts)"Better yet, if you turn off your browser to automatically show inline images, it'll minimize how you can get tracked. If anything else wants to know more, reply and I'll elaborate, but for now, at least don't click the damn links."
I use Ubuntu and firefox
Tab
(11,093 posts)And I worked for an email firm, where this was a legitimate (but pretty much anyone can use it) technique.
If you DON'T show inline images, it'll just show fonts and text and so forth.
If you DO show inline images, what happens is that usually a little pixel is embedded with a unique identifier that goes back to you (and back to the sending company). Every single email, even if it seems unique, if they're using this technique, can see that that pixel address requested an image (usually a white pixel or something you won't notice) but what you really realize is that it tells that server that that particular pixels was requested.
Since they match the pixel ID to your email (even if it's the same ultimate stupid white pixel for everyone) they know from your unique address that the pixel meant that you must have read the mail if you're asking for that pixel. That confirms the validity of your email address to the bad guys, and they can send more.
Further, in more advanced situations, although probably used with more established companies than just phishers, the pixel link can be set to redirect to another particular pixel in x amount of time, and maybe yet another or two after more time. So, what that tells an advanced email company is that you opened the email (the first pixel), kept it open to read or at least glance at it for another period of time (maybe 20 seconds), and if they make the third redirect they know you're keeping the email open, if only to read it.
What you can do is set your browser to not render inline photos/graphics/pictures. Thus, the pixel will never get rendered, thus never sending feedback that you actually opened the email.
Now, of course, there are images you want to see, maybe kittens from your niece or whatever, and you almost always get a message saying "inline images were blocked - click to see inline images". Do that with people you know, and you'll see what they sent.
For everything else, though it keeps you from being reported as having "seen" (and thus validated) an email from your email address.
Hope this helps.
- Tab
madokie
(51,076 posts)Is what I want to know
Thanks in Advance.
Thanks for the heads up to begin with.
firefox and thunderbird is what I use
Tab
(11,093 posts)but for thunderbird, go to (on the menu bar) Tools | Options | Privacy and the top of Privacy options says "Mail Content". There's a checkbox for "Allow Remote Content in Images". Uncheck that.
Now when you look at an email with remote content (former images will display as squares/outlines, maybe with text alternatives) and there should be a bar at the top of the message that says something like "Remote Content could not be Displayed - Allow Remote Content" or somethimes "Not all images could be displayed - Options" and use those to turn it on for the messages you want to see content from and then you'll get all the kitten pictures in that email your little heart can stand
B Calm
(28,762 posts)Tab
(11,093 posts)it's a firm pretending to be Amazon. Amazon itself has always been above board.
This pfishing crap can happen to any company - they don't have any control over what someone in eastern Europe wants to float out. Don't blame them, just make sure when you're talking to someone that says they're Amazon that it really is. I only have praise for Amazon itself.