This Phishmas, we're going to be ordering a ton of things from Amazon.

So you might be expecting email updates about those packages.

In this scam, hackers are hoping you are anxiously awaiting updates and will use it to steal credentials. 


There's a few things off with this email. For one, most Amazon updates will come from Amazon directly. (It's possible to order packages from Amazon that are sent via USPS, but you'll still get updates from Amazon.) 

Another is the sender address--it doesn't match. The third is the image--the image is linked to a URL that's also a credential harvesting page. And finally, there's the link at the bottom, which also goes to a credential harvesting page.

You'll also notice grammar issues throughout.

When getting shipping emails this Phishmas season, it's important to pay attention to:

  • The Sender Address
  • The Grammar
  • The Logic

What do we mean by logic? Many phishing emails don't follow standard logic. In this case, it's Amazon updates sent by USPS. Or paying to verify your address. Or saying, "Dear Email User". When evaluating an email, if the logic isn't there, it's probably not safe.