New Amazon phishing scam, a recent AOL phishing scam; a new twist on overpayment scams: Internet ScamBusters #265
Today's issue features three Snippets: one is about a brand new phishing scam directed at Amazon customers; the second reports on a recent AOL phishing scam, and the third Snippet concerns a new twist on overpayment scams.
Time to get going...
New Phishing Scam Targets Amazon Customers
Amazon.com is best known as an online reseller, starting with books, CDs, and DVDs, but its customers are also a popular target of phishing scammers.
Recently, a colleague received what appeared to be a brand new Amazon phishing email. After contacting the company, he was told that the suspicious email was indeed a fake.
The email opens by informing recipients that they've supplied an "invalid credit card address" for a purchase, so their credit card issuer has "refuzed" to pay.
After the scammer provides a phony website link -- which reads, "Click here to verify your information" -- the message continues:
--- Begin Amazon Phishing Email ---
"If you choose to ignore our request, you leave us no choice but to temporarily suspend your account.
Thank you for your patience as we work together to protect your account.
Account flagged: You have used an invalid address for your credit card! Billing Address Placed: [Name and address deleted] United States
Billing Address Refuzed by your Bank: [Name and address deleted] United States
NEED TO RESOLVE? Yes, because your account will be canceled. Verify your information placed to your amazon.com account."
--- End Amazon Phishing Email ---
Apparently, the scammer hopes recipients who have recently made Amazon purchases will think their orders have been confused with that of the fictitious person above -- and that they'll also ignore the fact that "refused" has been misspelled (twice) as "refuzed."
In addition, victims are asked to believe that Amazon will take the drastic step of suspending their accounts if they don't verify their credit card information soon.
Amazon phishing emails have been around for some time, but the new email resembles one that began reaching in-boxes a couple of months ago. The earlier scam also informed recipients that their orders had been denied, but it didn't offer a specific reason and didn't threaten to cancel the account.
If you receive a suspicious email -- from Amazon or another (usually) trustworthy source -- you could do what our colleague did. Although he HAD recently purchased Amazon products, he contacted the company by phone to verify whether the email was genuine.
We recommend, however, that you simply visit Amazon's phishing page instead.
On this web page, you can learn more about phishing and spoof emails targeting Amazon buyers, and report any suspicious emails you've received. From there, you can also track your recent orders.
Don't forget that you should NEVER click on the link in any email that throws up "red flags." Instead, contact the actual company directly -- by phone or by typing in its web address manually into your browser.
Another Phishing Scam Targets AOL Users
Along with Amazon, PayPal and eBay, AOL users are a favorite "prey" for phishing scammers. Here's a fairly new phishing email sent to us by a reader.
--- Begin AOL Phishing Email ---
"Subject: Your AOL access will be blocked. Please resubmit your information!
Dear AOL Member,
This confirms that your AOL payment method has been updated to reflect the new information you provided. You can make payment method changes at [Scam Link] throughout your monthly billing cycle if you decide that a different payment method would better suit your needs. Please note however, that the billing method on record at 10:00 AM EST on your billing cycle date will be the one used to process your account charges.
You can access America Online's secure, self-service Billing Center by going to [Scam Link]. Here you can review and modify your AOL account information online, anytime.
Please Remember: If your account information is not updated within 48 hours then your ability to use your AOL account will become restricted!
Sincerely," [etc.]
--- End AOL Phishing Email ---
This phishing expedition is more subtle -- and contains better grammar and spelling -- than the scam in our first Snippet, but there's one "tip off" that this email is a fake. AOL does NOT send threatening emails urging immediate action.
The company also doesn't ask for password, billing information or other personal information in emails or instant messages. If billing or other information needs to be updated, the company uses distinctive-looking "Official AOL Mail."
Find out how to spot the difference between Official AOL Mail and phishing emails.
A Different Twist on Overpayment Scams
Thanks to another reader, we recently were reminded of a new twist on the overpayment scam that we've only mentioned in passing -- and this twist is growing fast so we decided to write a Snippet about it today.
As one of our Top 10 Internet scams (ranking #6 this year), the overpayment scam commonly involves the SALE of vehicles.
The "buyer" sends you a check or money order for MORE than the price of the item, but soon "realizes" the mistake, and asks for a refund of the overpayment. Once you send the refund, however, you discover that the buyer's check has bounced.
In this different version, the item involved is a rental property.
An individual (or group of people) responds to a listing for an apartment or a vacation home, and forwards a certified check or money order for the entire amount you requested -- often including a security deposit.
Then, at some point, the "renter" backs out of the deal, but immediately volunteers to let you keep the security deposit -- or another seemingly "fair" amount.
(In older versions of this scam, they sent you a check for more than the amount requested and asked you to send back the difference.)
From there, the scheme plays out as it always does. The victim issues a real check -- or even a wire transfer -- before learning that the scammer's check has bounced.
Of course, there is a VERY simple way to avoid being scammed. Do not accept checks for more than the amount and do not send refunds.
If you truly need to send a refund, call your bank to find out how long it could take to have the amount charged back if the check is fraudulent. You might even try to get this in writing from your bank. Insist on waiting until the buyer's or renter's check has truly cleared before issuing a refund.
In fact, you may want to make it clear in your listing what your refund policy is. Stress that under no circumstances will you refund checks or money orders until they have truly cleared your bank.
This is important because it can take weeks to find out that the buyer's check is, in fact, bogus.
Finally, be very careful about depositing checks into your account from people you don't know, especially international checks. Banks often charge $25 or more in fees for bounced checks.
You can find more on overpayment scams on our site.
That's a wrap for this issue. Wishing you a great week!