My .mac email hit by Amazon "phish". Anyone else
Mac Elite
Join Date: Mar 2001
Location: CO
Oct 19, 2005, 08:54 AM
 
Whoa! I just got phished for the first time - at my .mac email - and they almost had me.

I got an HTML email that appeared just like usual Amazon communications, and was supposedly from "Amazon.com Payments <payments-messages@amazon.com>".

In the body of the email was a hot link which was *named*:
https://www.amazon.com/exec/obidos/f...in-secure.html

To my old folks, that would appear to be a secure (https) link to Amazon. And when I clicked on the link I was taken to a site that *appeared* at first glance to be Amazon - both from the perfectly replicated Amazon sign-on page (with my .mac email in the right box).

The only thing strange was that Safari did not autofill in •••••••• to show that it would automatically send my password. That alerted me to look more closely at the address bar. Only then did I see that someone had established a domain name made to look (at quick glance) as though it went to Amazon:

http://secure.amazon.com.exec-login-...sucker@mac.com

Has anyone else gotten a phish like this? Doesn't this look like a good way to steal someone's email/password combo at a large online retailer? I worry about my folks, who would NEVER have noticed that this was a phish - and could have had their account at Amazon (or whatever online retailer) totally hijacked by this phish?

Any thoughts? Any victims?
TOMBSTONE: "He's trashed his last preferences"
     
Mac Elite
Join Date: Mar 2001
Location: CO
Oct 19, 2005, 09:00 AM
 
PS:
So I tried to report this activity to Amazon. They DO have a phishing report form. The *types* of phishing attempts that they offer as examples are nowhere nearly as well disguised (e.g., they have FROM addresses like "Amazon.com@hotmail.com").

Unfortunately (for them) when I tried to send them a form with the details of this phish I got (repeatedly):

"We're sorry, but we are unable to process your contact at this time. We're investigating the cause of this problem now and hope to have it resolved shortly.
In the meantime, you can view and update your account and order information in Your Account. If you still need assistance from Customer Service after checking these resources, please try to submit your contact later."

(Maybe their canning plant is overloaded with phish this morning?)
TOMBSTONE: "He's trashed his last preferences"
     
Fresh-Faced Recruit
Join Date: Jan 2004
Location: Left Coast
Oct 19, 2005, 03:40 PM
 
Yeah, my sister got something like this. She's pretty naive, so I'm surprised that she didn't go ahead and type in her password once she got to the pseudo-amazon page.

It's a real issue of social-engineering making for vulnerability. It does make me wonder about the danger of using email addresses as the user-name on an account - given how Outlook address books like to spread all of our email addresses around. :/
     
Posting Junkie
Join Date: Dec 2000
Oct 19, 2005, 04:45 PM
 
They've done stuff like this for some time now. The best thing to do is, even if you think an e-mail is legitimate, to go straight to Amazon.com manually in your browser rather than following the link.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
   