Account Confirmation pretending to come from Amazon.co.uk <firstname.lastname@example.org> is a phishing email designed to get your Amazon log in details and then your bank, credit card, address and personal details so they can imitate you and take over your accounts and clean you out
email looks like
Your Orders | Your Account | Amazon.co.uk $
Thank you for shopping with us. We’d like to let you know that We need tvo confirm your account information, you must confirm your amazon account before we close it . Click the link below to confirm your account information using our secure server
If you want more information or need more assistance, go to Help.
Thank you for shopping with us. Amazon.co.uk
Unless otherwise noted, items sold by Amazon.co.uk LLC are subject to sales tax in select states in accordance with the applicable laws of that state. If your order contains one or more items from a seller other than Amazon.co.uk LLC, it may be subject to state and local sales tax, depending upon the seller’s business policies and the location of their operations. Learn more about tax and seller information.
This email was sent from a notification-only address that cannot accept incoming email. Please do not reply to this message.
Following the link in this Amazon Account Confirmation or other spoofed emails takes you to a website that looks exactly like the real Amazon.co.uk site. You are then through loads of steps to input a lot of private and personal information. Not only will this information enable them to clear out & use your Amazon account, but also your Bank Account, Email details, webspace ( if you have it) They then want enough information to completely impersonate you and your identity not only in cyberspace but in real life.
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email or follow links in them . Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details.
Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE .SCR or .COM then it is a problem and should not be run or opened.