Phishing for Fishing Gear

By Caryn O., Director of Marketing

January 2, 2019

Whew! The holidays are over, and I wore out my Amazon.com account to find the perfect gifts.  It seemed I received a shipment update email every day. In order to keep track of the dozen gifts I had ordered, I quickly glanced at each email to see if any action was required.

A week before Christmas, I was surprised to see an email for fishing gear. I remembered that my husband was in charge of gifts for our nieces and nephews, but it still caught (no pun intended? 😊) me off guard. Thankfully, our Pondera ISO has been relentless in his security training, so I quickly noticed a couple of warning signs that this could be a phishing attempt.

The email contained details in the subject line that were inconsistent with other Amazon emails I had received.  Legitimate Amazon emails don’t put the dollar value of the item in the header, and this email subject line had an order number and a dollar value.  The body of the email had a link to “learn more about your invoice here.”  Links from an unexpected source are immediately suspect. Also, I noticed two misspellings in the body text. My phishing senses were on high alert.

A quick call to my husband confirmed that we had not ordered any fishing gear! I sent a thank-you note to our ISO, because without his training, I might have fallen victim to the email. Clicking on the link could have downloaded malware to my computer or asked me to “log in” to my Amazon.com account on a lookalike page where they could hijack my account and make purchases at will.

There are several scams right now that target online shoppers; this is one of many. Be aware and be vigilant – think before you click. Fraud isn’t only in government programs and healthcare; it’s all around us.