Email Security Blog

Fresh Phish: Catch of the Day: Amazon Shoppers Nearly Fall Prey

I have three Alexa’s and tend to buy everything I possibly can from Amazon. You name it I’ve bought it! So getting ‘order’ and ‘delivery’ notification emails from the big A are a daily norm in my inbox. I would bet that for most of you, it is the same. In the last week, I had two Amazon packages ‘delivered’ that didn’t actually make it inside my house -  I have since installed a video doorbell and I’m ready to catch whoever has been stealing my pork rub and vintage GI Joe’s!

I was feeling pretty comfortable with my Amazon shopping and then my good friend INKY hooked today’s catch of the day and I was immediately grateful for her intervention.

What Does a Brand Forgery Email Look Like?

This phishy suspect is a clever brand forgery attempt. The email itself is a carefully reproduced copy of an actual Amazon order confirmation. The iconography is correct, the majority of the links are to real amazon URL’s and the domain the email came from appears – to the human eye - to be legitimate.

Amazon Impersonation Email INKY 1

The call to action is completely indiscrete, the order confirmation lets you know that you’ve spent money, nearly $200, but doesn’t tell you what it is you’ve bought. If you are like me $200 is a lot of money and the chances are, (and the fraudster hopes), that you will click on order details. We’ve been trained not to hand over our personal details, to not part with our account numbers or passwords, but a clever phishing attempt doesn’t ask for that, it draws you in.

Any poor soul (pun intended) clicking on order details ends with a nasty malware download, hours of sadness, and lots of confusion. Thankfully though, if you’ve deployed INKY’s Phish Fence, brand forgery emails are immediately flagged as such.

How Can I A Detect Fraudulent Email?

INKY’s blend of computer vision, artificial intelligence and machine learning are applied to each and every incoming email. In this case the ‘order confirmation’ received a big red banner, visually jarring and factual. INKY immediately notified the recipient that a Phish had been caught in the Fence, protecting the avid online shopper from a bad day at the store.

Amazon Impersonation Email INKY 3


Want to see how INKY works on the back-end? Schedule a demo to see how INKY can protect your business from employees falling prey to these scams.


Request Demo