55Jay
Posted October 21, 2016

Received an email today from Amazon "security-update" saying they found a list of hacked emails and passwords out in the internet wild, and changed my password to protect me. Can't remember opening an Amazon account, but may have at some point and forgot about it/never used it.

I Googled around and found this is already "out there", suggesting this might be a renewed phishing attempt based on the old Amazon story line? There were also articles suggesting Amazon did change some client passwords preemptively earlier this year. I suppose both could be true at the same time.

Posting as an FYI mental "bump" if anyone gets similar email.

The Consumer Affairs article from March of this year, while it ends inconclusively, describes the email I got today.

https://www.consumeraffairs.com/news/alleged-amazon-phishing-scam-is-scarily-sophisticated-031016.html

Email I got today below with a link to Amazon dot com in the salutation:

--------------------

[email protected]
Today at 3:35 AM

Message body

Hello,

At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your Amazon.com account out of an abundance of caution.

You will need to reset your password when you return to the Amazon.com site. To reset your password, click "Your Account" at the top of any page on Amazon.com. On the Sign In page, click the "Forgot your password?" link to reach the Amazon.com Password Assistance page. After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.

Your new password will be effective immediately. We recommend that you choose a password that you have never used with any website.

You can also enable Amazon's Two-Step Verification, a feature that adds an extra layer of security to your account. In addition to entering your password, Two-Step Verification requires you to enter a unique security code during sign in. To learn more about Two-Step Verification, go to Amazon.com Help, go to Managing Your Account, and click More in Managing Your Account, and then click More under Account Settings.

Sincerely,
Amazon.com
http://www.amazon.com

This e-mail was sent from an address that cannot accept incoming e-mail. To contact us, please visit the Help section of our website.

metisdead
Posted October 21, 2016

Moved to the IT and computers forum.

Chicog
Posted October 21, 2016

It could be phishing, but they do tell you to go to the Amazon page to reset your password. You can type that in directly, just don't click any links in the email.

KhunBENQ
Posted October 22, 2016

Does NOT look like a phishing email. There is a plausible description/announcement of what will happen (what you will have to do) when you open the Amazon website.

It's a good idea from Amazon to reset your password after having found your email address (and associated password) on a list from another source that has been hacked.

To add some trust, open:

https://www.amazon.com/

And then click the icon left of the URL to verify the security certificate (how to depends on browser, icon usually "green"/"locked"). Checking this makes sure you are connected to the authentic Amazon website.

Then try to log on with your known name and password. This should result in an error message. In this case follow the instructions from the email.

I don't have a browser in English (except Edge where it is stupid/silly). So does it look in Firefox (in English it should read something like "Secure connection").

Edited October 22, 2016 by KhunBENQ

KhunBENQ
Posted October 22, 2016

Let's just hope that your email account has not been hacked (like in the Yahoo case). Make sure that your email is safe and probably also change the email password.

JaiMaai
Posted October 22, 2016

To me, this is very clearly a phishing attempt. The language and prose style used is NOT what would be expected from a major online retailer.

I suspect that hovering the mouse over the amazon dot com link in the email will reveal the truth.

Chicog
Posted October 22, 2016

The comments in the link in the OP indicate that several (obviously security aware) people went directly to the Amazon website without going through the links in the email, and discovered that their passwords had in fact been reset.

Either way, if you do the same, you're mitigating the risks of it being a phishing message.

Chicog
Posted October 22, 2016

Although this seems to indicate that at least some of them are real...

http://www.dailydot.com/debug/amazon-netflix-password-change/

KhunBENQ
Posted October 22, 2016

3 hours ago, JaiMaai said:
> To me, this is very clearly a phishing attempt. The language and prose style used is NOT what would be expected from a major online retailer.
> I suspect that hovering the mouse over the amazon dot com link in the email will reveal the truth.

As described in #4:

- open the Amazon site from your bookmarks or manually
- check the authenticity of the site
- try to log on with your known account data

You will then learn whether something has to be done.

There are endless reports that the password reset has taken place for certain accounts. Likely as a reaction to the huge Yahoo leak/hack recently detected.

I still bet this is NOT a phishing mail. It does not have the usual characteristics of such a mail.

Looking forward to hearing from the OP.

The report linked in the OP is somewhat strange. Dated "03/10/2016", guess 3 October? Speculating but no proof that it was a p.m. Now 22 October and follow up? How does that sound to you?

Quote:
> I have forwarded the email to Amazon's real security department, at [email protected] and asked that it confirm the email is not from Amazon. If it turns out to be real, I'll be both surprised and embarrassed.

Feeling embarrassed?

Edited October 22, 2016 by KhunBENQ

Chicog
Posted October 22, 2016

4 hours ago, KhunBENQ said:
> Feeling embarrassed?

Why should he be? I'd rather people erred on the side of caution than unwittingly made themselves part of a botnet or something.

And at first glance I would have deleted that email.

KhunBENQ
Posted October 22, 2016

Such emails have been sent by Amazon since at least 2011. Links in the emails lead to the authentic Amazon site. Do some searching.

http://the-digital-reader.com/2016/03/14/amazon-now-resetting/

I would NOT report such alarms before receiving feedback from the supposed sender. Hoaxes are about as bad as the real stuff.

8 hours ago, JaiMaai said:
> To me, this is very clearly a phishing attempt. The language and prose style used is NOT what would be expected from a major online retailer.

It absolutely IS. Have you ever studied a real phishing mail?

Edited October 22, 2016 by KhunBENQ

Chicog
Posted October 22, 2016

1 hour ago, KhunBENQ said:
> Such emails have been sent by Amazon since at least 2011. Links in the emails lead to the authentic Amazon site. Do some searching.
> http://the-digital-reader.com/2016/03/14/amazon-now-resetting/
> I would NOT report such alarms before receiving feedback from the supposed sender. Hoaxes are about as bad as the real stuff.
> It absolutely IS. Have you ever studied a real phishing mail?

Yes. I do it for a living.

The simple fact that it wasn't addressed personally would have led me straight to the Delete button.

Edited October 22, 2016 by Chicog

55Jay (Author)
Posted October 23, 2016

9 hours ago, Chicog said:
> Yes. I do it for a living.
> The simple fact that it wasn't addressed personally would have led me straight to the Delete button.

I was thinking of you when I posted this, as you stand out in my mind (among a couple others) as well versed in this kind of thing.

On the email I rcvd, I did hover mouse over the amazon dot com link in the salutation/signature line, and the small pop up window appeared showing www dot amazon dot com.

Even though it looks good, if clicked, could it still be redirected to a 'fake' website? Is that what's called "spoofing"?

Chicog
Posted October 23, 2016

4 hours ago, 55Jay said:
> I was thinking of you when I posted this, as you stand out in my mind (among a couple others) as well versed in this kind of thing.
> On the email I rcvd, I did hover mouse over the amazon dot com link in the salutation/signature line, and the small pop up window appeared showing www dot amazon dot com.
> Even though it looks good, if clicked, could it still be redirected to a 'fake' website? Is that what's called "spoofing"?

Yes, spoofing usually involves using a different address to the one displayed. The same applies to links in the email, which can be revealed by hovering over them.

But the general rule is that, if you ever receive emails like this, just don't click the link in the email to be sure; go and type in the actual address so you know you are going where you are supposed to.

Looking at the comments in the OP, that's what most people did and many of them did in fact find their password reset.

However, scammers would very likely try and duplicate this email verbatim, with the links changed to point to their copy of the website, or a malware downloader.