topic Re: This has got to be a scam in Community Chat

This has got to be a scam

CLEM — Sun, 30 Jul 2017 13:54:27 GMT

I have been getting different "Amazon" messages periodically asking me to click on their link and update my information. They all look authentic to me; however I am sure they are fake. I am trying to copy and paste so everyone can be warned.

Can't copy it. But the header is: Notice of SSL Updates.

If you get this, don't even click on it.

Re: This has got to be a scam

Preds — Sun, 30 Jul 2017 13:57:36 GMT

Thank you @CLEM. We can never be warned enough. So many scams coming from everywhere.

Re: This has got to be a scam

Zhills — Sun, 30 Jul 2017 14:01:36 GMT

It is a scam. I have 2 emails and I keep getting this message in the email that Amazon does not have!

Re: This has got to be a scam

NicksmomESQ — Sun, 30 Jul 2017 14:08:05 GMT

I've gotten a few of those too.I also get emails from supposed cites thanking me for signing up & asking me to click to confirm my email to complete my registration.The problem is I never signed up!! CLICK DELETE!! 👎👎

Re: This has got to be a scam

Gram W — Sun, 30 Jul 2017 14:11:08 GMT

I have received several emails asking my to update my Amazon information. I have never done business with them or opened an account. I deleted immediately.

Re: This has got to be a scam

chrystaltree — Sun, 30 Jul 2017 14:27:13 GMT

They are fake, you know they are fake. Everyone and anyone who has ever purchased from Amazon knows they are fake. Amazon would never do that, no retailer or bank or CC company would ever send such an email,

Re: This has got to be a scam

Spurt — Sun, 30 Jul 2017 15:47:12 GMT

I hope Amazon is seriously working on stopping these false phising emails impersonating them, Amazon's "remedy of just posting a warning to customers on their website isn't enough .....perhaps they need to take care of this before they work on expanding their Amazon business further this has been going on for awhile..... Other retailers that had this phising email problem quickly took steps and stopped it quickly and this has been going on since 2010!!

Perhaps Amazon is getting a bit too big for their britches and doesnt think this is important even though it's impacting its customers---some of them have been taken in by the scam google it...................

Re: This has got to be a scam

Marp — Sun, 30 Jul 2017 15:44:59 GMT

@Spurt wrote:
I hope Amazon is seriously working on stopping these false phising emails impersonating them, Amazon's "remedy of just posting a warning to customers on their website isn't enough .....perhaps they need to do this before they work on expanding their Amazon business further.....and perhaps they are getting a bit too big for their britches I think ............

What would you suggest Amazon do about a problem that does not originate from their servers? The majority of the scam and phishing emails originate from overseas just like spam phone calls. By the time one solution is found the scammers have moved on to a new method.

The problem is not exclusive to Amazon. I get scam emails from banks, retailers, brokerages, organizations, schools, etc. and while I take the time to forward the emails to their security/phishing department when I can find an address I don't delude myself into thinking the entity can do anything to stop the scamming.

Re: This has got to be a scam

Spurt — Sun, 30 Jul 2017 16:26:36 GMT

@Marp wrote:
@Spurt wrote:
I hope Amazon is seriously working on stopping these false phising emails impersonating them, Amazon's "remedy of just posting a warning to customers on their website isn't enough .....perhaps they need to do this before they work on expanding their Amazon business further.....and perhaps they are getting a bit too big for their britches I think ............
What would you suggest Amazon do about a problem that does not originate from their servers? The majority of the scam and phishing emails originate from overseas just like spam phone calls. By the time one solution is found the scammers have moved on to a new method.

The problem is not exclusive to Amazon. I get scam emails from banks, retailers, brokerages, organizations, schools, etc. and while I take the time to forward the emails to their security/phishing department when I can find an address I don't delude myself into thinking the entity can do anything to stop the scamming.

@Marp @JaneMarple

http://searchsecurity.techtarget.com/tip/Hooked-Phishing-is-luring-more-and-more-of-your-customers

https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams

Other retailers have found ways to stop these scams....why cant big mighty Amazon do it.........they are involved in the tech world developing new tech gadgets so certainly they have the resources they can develop to put preventive things in place like banks, paypal, and others have done to stop this phising of their name..........I personally witnessed a stoppage, a bank had the same issue with phising shut down rather quickly.......it CAN be done! It's Amazon ..... one of their vendors was advertising named braned items but sending out cheap non-named brand knockoffs---and they used the named brand product in their description and photo, and when I reported the vendor Amazon did NOTHING! And also had a credit card hacked when purchasing merchandise from Amazon directly --- I have not shopped with them since! Amazon has security issues......I suggest customers be deligent and check their statements carefully, update security software, and change password frequently!

Fighting Back
Early warnings are good, but service providers have no control over how customers respond to spoofed emails. Since phishing scams target customers at their homes and workplaces, it's critical to have a clear policy governing the solicitation of personal information. Many companies warn customers that they will never solicit authentication information through email.

Make sure everyone in your organization is on the same policy page; imagine the damage if one of your divisions solicits personal information after your customers have been warned to watch out for it.

Consider these additional steps:

Be proactive on your Web site. eBay and Earthlink provide customers with specialized toolbars that alert them when entering a suspected phishing Web site and direct them to a Web page with information about online scams. PayPal provides a link to its security site, which tells customers how to spot fraudulent e-mails.

Monitor DNS registrations closely and subscribe to services, such as Netcraft, that alert you when someone registers a domain that matches certain criteria indicating a spoofed Web site.

Move quickly to take down hijacked Web sites by alerting the host organization--often an ISP or university--that one or more of its servers has been compromised. You may have to call law enforcement if the organization refuses or is slow to respond. While domestic hosting services often cooperate, the task is more difficult when dealing with offshore ISPs not governed by U.S. law.

Consider the use of digital signatures. Several products, including ZixCorp's ZixVPM and PostX's Trusted E-Business, provide secure e-mail services, and Tumble-weed's E-mail Firewall digitally signs outgoing mail based on policy. Digital signatures are entirely under the control of the sender and will serve the needs of high-end, technology-savvy customers. The education of uninitiated users is far more challenging, making this approach less practical for larger implementations.

Don't depend on SSL certificates. That reassuring padlock symbol at the bottom of your browser window simply means there's an SSL connection; it doesn't confirm the identity of the connected server. The hitch is that IE allows plaintext certificates that can easily be used to forge the site identity.

Make your organization an unattractive target. "Banks need to build a reputation in the fraudster community--'Don't mess with me,'" says Cyota's Bennett. "Be very aggressive in legal ways and take the counter-offensive."

n January, Cyota launched Cyota FraudAction, a modular suite of services that combats phishing attacks. At the core of FraudAction is Cyota's antifraud command center, which detects potential phishing attacks by analyzing data pulled in by various probes, decoys and several of Cyota's partners.

Cyota's analysts create damage assessment reports based on parameters such as the number of hits, quality of the e-mail and type of information the attacker is trying to obtain. This gives Cyota's clients an early warning so they can shut down the phisher's site and alert their customers and provides forensics data to aid in possible prosecution.

In May, MarkMonitor, an Internet brand protection and corporate domain registration specialist, announced Fraud Protection, which uses distributed honeypots and sophisticated baiting techniques to draw in and identify potential attacks. The firm monitors chat rooms, newsgroups and domain registries, processing the data through its correlation engines to determine potential threats.

MarkMonitor gathers data to help customers shut down attackers. It also provides evidence should the customers decide to prosecute.

Cyveillance, an online risk monitoring and management services provider, gives early attack warnings through its Cyveillance Intelligence Center Technology, which monitors hundreds of thousands of junk e-mails daily and cases the Web for potential attack intelligence.

Brightmail offers email security products and services, including Brightmail Anti-Fraud, which leverages Brightmail's Probe Network, consisting of more than 2 million decoy email accounts and antispam technology to detect spoofing attempts characteristic of phishing attacks. If fraud is detected, Brightmail creates rules to block subsequent spoofed e-mails from reaching customer accounts.

Numerous other vendors--such as Tumbleweed Communications, CipherTrust and NetIntelligence--feature antispam and email filtering products and services and are good sources of phishing intelligence.

Tumbleweed founded the Anti-Phishing Working Group last fall. Membership is open to financial institutions, online retailers, law enforcement organizations and vendors.

Growing Stakes
If you still don't think phishing is a problem, consider what's at risk:

The Gartner study estimates that 30 million Americans have received a phishing attack, and about 3% (1.78 million) submitted personal and/or financial information. This percentage is likely many times greater than the response to typical spam messages and more than enough to assure phishers a high return on a minimal investment. Other sources say the response rate is as high as 5 percent.

There isn't enough evidence to accurately estimate how much money phishers net, but Gartner estimates the direct cost to companies was $1.2 billion in 2003, and, given the dramatic increase in attacks this year, it's easy to foresee growing losses.

In addition to direct losses, add downtime in the face of concerted attacks, the cost of issuing new credentials to customers who have been compromised, the security spending and potential liability, and you have the potential for a serious problem.

And, it's hard to put a dollar value on trust.

"Losses are high," says Mark Shull, president and CEO of MarkMonitor, "but the growing concern is having consumers reluctant to do business online."

Re: This has got to be a scam

JaneMarple — Sun, 30 Jul 2017 15:57:37 GMT

@Spurt wrote:
@Marp wrote:
@Spurt wrote:
I hope Amazon is seriously working on stopping these false phising emails impersonating them, Amazon's "remedy of just posting a warning to customers on their website isn't enough .....perhaps they need to do this before they work on expanding their Amazon business further.....and perhaps they are getting a bit too big for their britches I think ............
What would you suggest Amazon do about a problem that does not originate from their servers? The majority of the scam and phishing emails originate from overseas just like spam phone calls. By the time one solution is found the scammers have moved on to a new method.

The problem is not exclusive to Amazon. I get scam emails from banks, retailers, brokerages, organizations, schools, etc. and while I take the time to forward the emails to their security/phishing department when I can find an address I don't delude myself into thinking the entity can do anything to stop the scamming.
@Marp

Other retailers have found ways to stop these scams....why cant big mighty Amazon do it.........they are involved in the tech world developing new tech gadgets so certainly they have the resources they can develop to put preventive things in place like banks, paypal, and others have done to stop this phising of their name.............

Uh? This happens all the time with numerous retailers @Spurt! I get "fake" emails from Wal-Mart just about everyday informing me of a gift card or that my order is on its way. Do you think Wal-Mart is "big and mighty" also? Is it their problem too?

Re: This has got to be a scam

Marp — Sun, 30 Jul 2017 16:02:41 GMT

@Spurt wrote:
@Marp wrote:
@Spurt wrote:
I hope Amazon is seriously working on stopping these false phising emails impersonating them, Amazon's "remedy of just posting a warning to customers on their website isn't enough .....perhaps they need to do this before they work on expanding their Amazon business further.....and perhaps they are getting a bit too big for their britches I think ............
What would you suggest Amazon do about a problem that does not originate from their servers? The majority of the scam and phishing emails originate from overseas just like spam phone calls. By the time one solution is found the scammers have moved on to a new method.

The problem is not exclusive to Amazon. I get scam emails from banks, retailers, brokerages, organizations, schools, etc. and while I take the time to forward the emails to their security/phishing department when I can find an address I don't delude myself into thinking the entity can do anything to stop the scamming.
@Marp

Other retailers have found ways to stop these scams....why cant big mighty Amazon do it.........they are involved in the tech world developing new tech gadgets so certainly they have the resources they can develop to put preventive things in place like banks, paypal, and others have done to stop this phising of their name.............

I have an email address that I use specifically to sign up for access to sites. I continually get scam emails from Citibank, BOA, Amex, Paypal, Walmart and many more well known entities. This particular provider has very weak spam filtering.

My primary email provider has exemplary spam filtering and I rarely get scamming/spamming emails.

If looking to place kudos for stopping spams and scams I would look to the spam filtering abilities of your email provider rather than the phished entity. They can't control the email systems of others; at best, when they get enough complaints and forwarded spam emails they can notify the senders provider about the spam. Email providers can use the headers in emails to help recognize potential spam and scams and block them.

Re: This has got to be a scam

JaneMarple — Sun, 30 Jul 2017 16:16:26 GMT

@Spurt have you ever heard of spam folders? That's where I put my nuisance emails, I don't pay them any mind except for a chuckle or two when I get one. It's nonsense to blame a company for them.

Re: This has got to be a scam

goldensrbest — Sun, 30 Jul 2017 16:18:02 GMT

Yes,it is and do not click on it.

Re: This has got to be a scam

pitdakota — Sun, 30 Jul 2017 16:22:24 GMT

@Spurt wrote:
@Marp wrote:
@Spurt wrote:
I hope Amazon is seriously working on stopping these false phising emails impersonating them, Amazon's "remedy of just posting a warning to customers on their website isn't enough .....perhaps they need to do this before they work on expanding their Amazon business further.....and perhaps they are getting a bit too big for their britches I think ............
What would you suggest Amazon do about a problem that does not originate from their servers? The majority of the scam and phishing emails originate from overseas just like spam phone calls. By the time one solution is found the scammers have moved on to a new method.

The problem is not exclusive to Amazon. I get scam emails from banks, retailers, brokerages, organizations, schools, etc. and while I take the time to forward the emails to their security/phishing department when I can find an address I don't delude myself into thinking the entity can do anything to stop the scamming.
@Marp

Other retailers have found ways to stop these scams....why cant big mighty Amazon do it.........they are involved in the tech world developing new tech gadgets so certainly they have the resources they can develop to put preventive things in place like banks, paypal, and others have done to stop this phising of their name..........I personally witnessed a stoppage, a bank had the same issue with phising shut down rather quickly.......it CAN be done! It's Amazon ..... one of their vendors was advertising named braned items but sending out cheap non-named brand knockoffs---and they used the named brand product in their description and photo, and when I reported the vendor Amazon did NOTHING! And also had a credit card hacked when purchasing merchandise from Amazon directly --- I have not shopped with them since! Amazon has security issues......I suggest customers be deligent and check their statements carefully, update security software, and change password frequently!

____________________________________________________

@Spurt, then how would you explain the 2 emails I have recevied within the past 10 days asking me to update my Paypal account when I have never had a Paypal account?

And yes it was a phishing email.

I work with great IT people who routinely work with us to deter phishing emails because we are targeted frequently in our line of work.

In true phishing, there is nothing a retailer, bank, government office, or any other institution that can prevent phishing. The only thing they can do is increase their cyber security to prevent their customer information from being hacked. But that doesn't stop phishing.

These individuals access other databases via public information sites and then blitz by sending tens of millions of individuals the emails. So in the case of the PayPal emails I received, someone had my info from another site. They reason that PayPal is very popular in the US, then they send it to everyone. Chances are a good number of people that receive the email use PayPal. And then chances are a smaller number of those recipients will fall for the email.

PayPal has nothing to do with this. The email went to individuals that were not even necessarily their customers. To date, there is absolutely nothing that PayPal can do about that except try to alert their customers after the fact, that there is a current scam.

Just for general information purposes, one of the things our IT dept has taught us to do if we seriously question a message coming from a phishing organization is to "hover" your cursor over the live link in the message. Do not click on the link, but hover. In a phishing email, the web address that pops up when you hover will be a totally different one and usually contain a series of crytpic numbers.

Re: This has got to be a scam

Mistreatedbycs — Sun, 30 Jul 2017 17:08:15 GMT

I get them daily. There are notices my package could not be delivered.

There are notices that I won! There are notices of package delays and notifications of shipments.

A lot of them.

Thank goodness I don't buy a thing from Amazon....all deleted.

If anyone of you didn't know, just take your cursor and hover over the address, don't click, and you will see who's it's actually from.

Re: This has got to be a scam

Spurt — Sun, 30 Jul 2017 17:46:42 GMT

@JaneMarple wrote:
@Spurt have you ever heard of spam folders? That's where I put my nuisance emails, I don't pay them any mind except for a chuckle or two when I get one. It's nonsense to blame a company for them.

@JaneMarple

I have strong excellent spam filters in place and if a rare one comes in it goes directly to the spam folder........

Re: This has got to be a scam

handygal2 — Sun, 30 Jul 2017 18:28:48 GMT

I forward all of my scam emails to spam@uce.gov before deleting them.

Even though l'm sure that the federal government doesn't have the resources to find and prosecute all of the scammer criminals, l feel that they should at least be notified about them.

Re: This has got to be a scam

JustJazzmom — Sun, 30 Jul 2017 19:34:04 GMT

Abuse @ Chose the agency being phished is generally the address to forward these phishing e mails to; check directly the website in question by not clicking on the e mail link but open another tab to type in the correct address and search for the phishing e mail address dept. there.

Second, sometimes it's best not to store your CC on various websites. Do the transaction & remove the card from saved CCs.

Re: This has got to be a scam

kivah — Mon, 31 Jul 2017 01:28:10 GMT

NEVER click on Links - even if u do business with that company. Honest companies will never ask u to update ur information - or click on a link.

Re: This has got to be a scam

CLEM — Tue, 01 Aug 2017 00:51:11 GMT

What has happened to the human race over the last 25 years or so? I remember back in the late 80s at the university where I worked, student grades were posted by social security number not by name.