The easiest way for hackers and ransomware to mess with your computer is social engineering. Basically, that means ‘Wear the appropriate repair-guy uniform, walk into the building looking confident, and go directly to the system that you will be “fixing.” No one challenges that, right?
OK, well then, would you click on this email? I don’t remember ordering a pricy server from Amazon, but it looks like I’m getting one. I guess I’d better look in there and see who ordered it for me; could be that my account was hacked.
So what’s wrong with it? Here goes, most obvious and visible items first:
- I ordered no such thing.
- The sender’s email address has the wrong domain, ‘amazons.com’ which is also not the web address for Wonder Woman’s family island.
- The return address for Amazon orders is generally firstname.lastname@example.org.
- The format of the email is simpler than the usual Amazon shipping confirmation, missing gray backgrounds, logos, and a picture of each item ordered. It looks a lot like an Amazon confirmation from ten years ago.
- The order number is not a text link in the email, and the last section has too many numbers.
- “it may take 24 hours for tracking information to be available in your account.” No, tracking shows up in Amazon before the email is sent; it’s Fedex and UPS that will just say ‘label printed’ until the next morning.
- Finally, not visible above, if you float your mouse over the ‘Order Details’ button, which is missing the orange logo that Amazon would normally use, you will see the link, which goes to usintecmedical_ com_br, not Amazon. That ‘com.br’ points to a site in Brazil, probably hacked.
What to do? Will this big Dell system show up at my door? No. I TYPED ‘amazon.com’ into my browser, didn’t follow the link, and checked. No surprises there. However, that medical address in Brazil would likely have looked like an Amazon page, asked for a login, which it would keep and use, and then forwarded you to the real Amazon. Or the site would attempt to install malware. Be suspicious. These fake confirmations can look like they come from nearly any large company.