New phishing scam

[notthatamanda]

I got an email that said there was an $1800 charge on Amazon one of my credit cards this morning and it was over the limit so it triggered the response. It said to click on the link to open a ticket but when the link didn't work I called them.

I feel like an idiot for clicking on the link and now I probably have something bad on my computer, but I have gotten those emails before and they were legit. I didn't look closely enough at the email address.  Credit card company said the card is fine.

I hate scammers, don't be dumb like me, check the email address first. It was obvious once I looked at it but I had already panicked. 

[TimothyEllis]

Always mouse over every link, and check it is exactly legit.

If in doubt, don't click.

[notthatamanda]

What does mousing over it do? I never heard that before. I am pretty dumb about this stuff.  Thanks.

[TimothyEllis]

What does mousing over it do? I never heard that before. I am pretty dumb about this stuff.  Thanks.

It displays the actual url down the bottom left.

So the link might say "https: //amazon.com" but the mouse over will show "https: //youranidiot.com"

[2-Bit D]

My advice has always been that if an eMail starts out with "Dear Customer" instead of your name, it's probably spam or a scam because companies you deal with know your name.  But then a couple weeks ago, I received an eMail addressed to "Dear Customer" from one such company.  I think, but I don't remember with certainty, that it was Amazon.  And it was legit.  Companies need to be careful their legitimate eMails don't look like a phishing attempt.

Attachments are usually a good indication that something is a phishing scam too.  But then a company I deal with always sends a copy of the invoice via attachment and, oh yeah, they open the eMail with "Dear Customer" too.  I even sent them an eMail once suggesting they might want to change their eMails to look less like a phishing attempt but that didn't go anywhere.

Checking the links too is generally good advice, but you get legitimate eMails from companies and they'll use a tracking URL or a short URL that looks nothing like the destination address.

As long as legitimate eMail senders continue to do stupid things, phishing scams will continue to trick people because every time you say "well, only a phishing scam would send an eMail like that" there will be a legitimate sender that will send an eMail just like that too.

Best advice is to never click a link in an eMail unless you are absolutely certain where it is going or that the sender is 100% legit.  In the case of large financial charges, go directly to the website of the credit card provider or bank and log in to your account there without clicking on an eMail link.  If there's something odd, you will more than likely have a message or see the charge when you directly log into your account.

Also, try not to panic.  That's what the scammers rely on.  In most cases, you're protected against fraud so it's typically not necessary to do any panic clicking.

[The Masked Scrivener]

Never click on links in emails. Go to a browser and type the URL. Better safe than sorry.

[notthatamanda]

Thanks Dan.  The credit card company told me they would always include my name and card number.  I don't know why this one took me by surprise.  And I know we aren't liable for the charges so I really have no excuse for my dumbness.

[David VanDyke]

Always mouse over every link, and check it is exactly legit.

If in doubt, don't click.

Or simply don't. Ever. Click. Doubt or not. Make it a policy. Especially if you have kids who need clear rules. I learned this the hard way a while back...

You can also right-click the links (usually) and copy-paste into a document, to see what it looks like. If it seems legit, then you can open an incognito browser even better, a Tor-type encrypted browser, and see where the link goes. If at that point you're satisfied, you can proceed.

[Maggie Ann]

Never click on links in emails. Go to a browser and type the URL. Better safe than sorry.

Learned that the hard way a few years ago.

[R H Auslander]

I have two identical emails except for server, one in US and one in RU, amongst several others, but only the two identicals get spam, hordes of spam for the last three months, why I have no idea, I don't go to 'strange' sites ever, present company notwithstanding.

I do take a look in case it's an errant customer, but if there's any kind of link it's auto delete. If it's in Ukrainian or 'Chinese' or Tajik or Pashtun, it's delete. Russian or German, I speak and/or understand enough of both to get the idea of the email, gets a look but any of my business clients know not to use those two emails. On the other hand, one of the best orders I've ever had came in via an errant email inquiry to one of the identical ones, which is why I waste a few minutes every day looking at garbage. But I never click on a link.

I do from time to time get a missive about my credit card having a problem and please call the following number and have my credit card and personal particulars handy. Odd. I don't have a credit or debit card. Her Excellency does, but my name is not on any of them, and as usual hereabouts she uses her family and Christian name for bank business, ain't even close to mine.

[notthatamanda]

All good ideas guys thanks. And I had already decided to talk to the older one about it. They're using their email more and more.

[Shoe]

Scammers are the scum of the earth. No, they're below that. Pre-scum.

When you start collecting Social Security the scams, usually via phone, really accelerate. I wonder how many elderly have handed over their SS#s fearing for their livelihood.

[notthatamanda]

Yes even if I hadn't been dumb about it, I still would have had to call the credit card company to double check. I just would have had to. There's an afterlife story in this somewhere.