Either there’s an upsurge in Amazon phishing emails or the phishers only got my email address recently.
I’ve had about half a dozen phishing emails today purporting to be from Amazon regarding my “seller” account.
To start with I don’t have a seller account.
The other giveaway sign is that although the links are similar to Amazon domains, they aren’t Amazon domains.
They all seem to be subdomains of by.ru, which appears to be some sort of free hosting solution based in Russia (I don’t speak Russian, so I’m only making an educated guess)
Unfortunately, while Amazon do have a facility for reporting phishing emails it is clearly not aimed at the “casual” end user or anyone who is short of time. It consists of a rather convoluted series of web forms instead of a simple email address.
While the likes of Paypal, Ebay and most of the major financial institutions make it relatively easy for even a novice to report phishing emails Amazon dare to be different.
While they may be getting the reports in from honeypots etc., surely it would make more sense to facilitate end user reports?
Am I missing something?
UPDATE: Over 24 hours later I got a reply from Amazon with the email address to use for reporting phishing emails.
In case anyone else needs it the email address is: stop-spoofing@amazon.com
If you forward phishing emails to that address as an attachment they get sent to their security team.
Leave a Reply