Dec. 14, 2013
I received the following email the other day, which I almost fell for… except that my Spidey sense was tickled because it mentions orders in the future tense.
As it happens, like many people, I’ve made several Amazon orders over the past few weeks including books for myself and others. However, I knew that all the purchases had been delivered in good order. Nevertheless, I wondered for a moment whether there might have been one that was still pending.
As I looked more closely, the telltale signs of a scam emerged: a funky From address and Return-Path…
…and the fact that the order number in the Subject line didn’t match the order in the Details section. I also noticed that the order number format doesn’t match Amazon’s system…
…and the fact that the attachment was a ZIP file.
I have to confess that I was not 100% convinced until I took a closer look at the To line where I found that the email address indicated was one character short of my actual address. Clearly this could not have been delivered to me except by a mass scam email.
I’ve written about this kind of scam before since it follows a sad but recognizable theme that I like to call “The Shotgun.”
This approach involves the scammer sending out a message that a high percentage of the population will immediately recognize as something they’ve recently done: sent a package, made a bank transaction or made an online purchase for example.
It’s hard to resist clicking on the attached file because we know we just had some sort of business with, say, Chase Bank, UPS or the Happy Joytime Massage & Wine Bar.
(I subsequently learned from my Amazon customer service rep that “Amazon does not send order confirmations or other unsolicited requests that require you to open attachments.” So if you see an attachment, it’s probably bogus. And note that Amazon — a very fine company — had nothing to do with this.)
The final piece of the puzzle was confirmed when I scanned the full headers (available on most email systems) and found the following old school scam device: hidden terms designed to spoof certain email system filters. I’m not entirely sure how it works nowadays, but in the past, spammers would insert invisible words, hidden simply by using “white type” which a computer would recognize but a human wouldn’t unless you highlight the white space. I’ll pause a moment while you go ahead and highlight the area below this line to see the letters magically appear (bearing in mind the background on this page isn’t white)…
/humanities/epicenter/Salk/Ekman/punt/zimmerman/ghoulish/Salo/thankyou/balances/edited/livable/Zig/Yanks/icici/Selma/makr/sexually/poderia/abap-world/rewriting/logging/researcher/ticked/deployments/ticketek/ac3-distribution/coworkers/fend/Egan/Luisa/Quran/compens/ultra-gauge/tss-rostov/thermasdeolimpia/referendum/japannetbank/armada/myalaskaair/ac3/Grafton/panna/kidkraft/mpl/extremt/masterbase/paddle/Lynda/rostov-don/starken/gor/otterbox/Navigators/climatique/Barstow/logging/lockwood/Hsu/warrants/kookai/pvda/journeys/quidsi/m
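As an added illustration, not part of the original post, here is a Python script that applies the telltale signs described above (the mismatched From address and Return-Path, a To address that is not the one you expect, an order number in the Subject that differs from the one in the body and does not fit the usual format, a ZIP attachment) together with the white-on-white text trick to a single message. The sample message, its addresses, order numbers and hidden words are all constructed for the example; the assumption that a genuine Amazon order number is three digit groups of 3-7-7 is likewise the example's own, not something the post states.

```python
"""Heuristic checks for a fake 'order confirmation' lure (added example, not the post's own code)."""
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser

# Constructed sample modelled on the lure described in the post; every address, order
# number and hidden word here is made up for the example.
SAMPLE_EML = """\
From: "Amazon.com" <orders@amazon-deliveries.example>
Return-Path: <bounce-4471@mailer.example.net>
To: <jsmit@example.com>
Subject: Your Amazon.com order #Q7-12345 will be shipped
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your order <b>#Q7-54321</b> will be delivered on Monday. Details attached.</p>
<p><font color="#ffffff">/humanities/epicenter/Salk/Ekman/punt/zimmerman</font></p>
<span style="color: white">thankyou balances edited livable</span>
</body></html>
--B1
Content-Type: application/zip; name="Order_Details.zip"
Content-Disposition: attachment; filename="Order_Details.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--B1--
"""

WHITE = ("white", "#fff", "#ffffff")
# Matches a space-stripped, lower-cased style attribute that makes text invisible.
HIDDEN_STYLE_RE = re.compile(r"(?:^|;)(?:color:(?:white|#fff|#ffffff)|display:none|font-size:0(?:px|pt|em|%)?(?:;|$))")
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}
ORDER_RE = re.compile(r"#\s*([A-Za-z0-9-]+)")
# Assumption for the example: a genuine Amazon order number is three digit groups of 3-7-7.
AMAZON_ORDER_RE = re.compile(r"^\d{3}-\d{7}-\d{7}$")


class HiddenTextParser(HTMLParser):
    """Split the text of an HTML body into what a reader sees and what is styled invisible."""

    def __init__(self):
        super().__init__()
        self.visible, self.hidden = [], []
        self._hiding = []  # one flag per open element: does it hide its contents?

    @staticmethod
    def _hides(attrs):
        a = {k.lower(): (v or "").lower().replace(" ", "") for k, v in attrs}
        return a.get("color") in WHITE or bool(HIDDEN_STYLE_RE.search(a.get("style", "")))

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:  # void elements never get a closing tag
            self._hiding.append(self._hides(attrs))

    def handle_endtag(self, tag):
        if self._hiding:
            self._hiding.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            (self.hidden if any(self._hiding) else self.visible).append(text)


def domain(header_value):
    """Lower-cased domain of the first address in a header ('' if there is none)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def analyse(raw, expected_recipient):
    """Run the checks from the post against one raw RFC 5322 message and report findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    recipients = {addr.lower() for _, addr in getaddresses([str(h) for h in msg.get_all("To", [])])}
    parser, zips = HiddenTextParser(), []
    for part in msg.walk():
        ctype, fname = part.get_content_type(), part.get_filename() or ""
        if ctype == "application/zip" or fname.lower().endswith(".zip"):
            zips.append(fname)
        elif ctype == "text/html":
            parser.feed(part.get_content())
    subject_orders = set(ORDER_RE.findall(str(msg["Subject"] or "")))
    body_orders = set(ORDER_RE.findall(" ".join(parser.visible)))
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "sender_domain_mismatch": bool(rp_dom) and from_dom != rp_dom,
        "recipient_mismatch": expected_recipient.lower() not in recipients,
        "order_number_mismatch": bool(subject_orders) and subject_orders != body_orders,
        "order_number_format_unexpected": any(not AMAZON_ORDER_RE.match(o) for o in subject_orders | body_orders),
        "zip_attachments": zips,
        "hidden_text": parser.hidden,
    }


def triggered(findings):
    """Names of the checks that fired, for a quick verdict."""
    return [name for name, value in findings.items() if value]


if __name__ == "__main__":
    result = analyse(SAMPLE_EML, "jsmith@example.com")
    for name, value in result.items():
        print(f"{name:32} {value}")
    print("suspicious" if len(triggered(result)) >= 2 else "looks clean")
```

The hidden-text parser is deliberately narrow: it only catches the white-colour, `display:none` and zero-font-size cases, which is the "white type" trick the post describes. A message that uses an external stylesheet, a background image, or text positioned off-screen will slip past it, so treat the output as one more signal alongside the header checks rather than a verdict on its own.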
So there you have it.
Like a cheap Uri Geller stunt, Tarot reading or pet psychic performance…
…once you know how the scam works, you almost feel stupid for not seeing it right away.