How many Amazon notifications do you get? (If you're like some, it's a lot.) That means it's a perfect opportunity for hackers to try and exploit it to get some information. In fact, according to our research, Amazon is the third-most impersonated brand in phishing attacks. 

In this phishing email, the end-user sees an order notification for a MacBook. It's a pretty convincing duplicate of a legit Amazon confirmation message:

image (68)

Notice a few things. One, there are no links, just a phone number. That's what the hackers want you to do. You get a message that seems unusual and you want to rectify it. Give them a call and see what can be worked out. (Hint: It's not going to be helpful.)

Further, you'll notice the email does not come from an Amazon address:

image (69)

These sort of impersonation attacks are tricky to stop, especially when there are no links for the static solution to check again. And remember, don't pick up that phone.

Subscribe to Our Attack Briefs for More Research