Phishing for Fishing Gear
By Caryn O., Director of MarketingJanuary 2, 2019
Whew! The holidays are over, and I wore out my Amazon.com account to find the perfect gifts. It seemed I received a shipment update email every day. In order to keep track of the dozen gifts I had ordered, I quickly glanced at each email to see if any action was required.
A week before Christmas, I was surprised to see an email for fishing gear. I remembered that my husband was in charge of gifts for our nieces and nephews, but it still caught (no pun intended? 😊) me off guard. Thankfully, our Pondera ISO has been relentless in his security training, so I quickly noticed a couple warning signs that this could be a phishing attempt.
The email contained details in the subject line that were inconsistent with other Amazon emails I had received. Legitimate Amazon emails don’t put the dollar value of the item in the header, and this email subject line had an order number and a dollar value. The body of the email had a link to “learn more about your invoice here.” Links from an unexpected source are immediately suspect. Also, I noticed two misspellings in the body text. My phishing senses were on high alert.
A quick call to my husband confirmed that we had not ordered any fishing gear! I sent a thank you note to our ISO, because without his training, I may have fallen victim to the email. Clicking on the link could have downloaded malware to my computer or asked me to “log in” to my Amazon.com account on a lookalike page where they could hijack my account and make purchases at will.
There are several scams right now that target online shoppers; this is one of many. Be aware and be vigilant – think before you click. Fraud isn’t only in government programs and healthcare, it’s all around us.