This morning I awoke to find the following spam email in my inbox:
Greetings from Amazon Payments.
Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.
To confirm your identity with us click here: <LINK REDACTED>
After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.
Thank you for your interest in selling at Amazon.com.
Amazon.com Customer Help Service
In many ways this tickled my fancy. The first paragraph (“Greetings from Amazon Payments”) indicates that it’s directed to one of the Amazon affiliates and I’m not an Amazon affiliate. if it was directed to customers, it wouldn’t come from Amazon’s Payments department, instead it would come from some other department (maybe Amazon billing?).
But they immediately discuss “attempts of charges from your credit card” (let’s ignore the fractured English, it’s a phishing email so you sort-of expect crappy English). If I’m an affiliate, why would Amazon be charging my credit card?
They then go on and indicate that if this isn’t resolved right away they’ll cancel my Amazon account – very scary. In fact the risk is so severe, they’re going to ask that I provide a second confirmation of my identity. And Amazon is going to be totally helpful in ensuring that law enforcement is notified of the charges. How very helpful of them.
But what made this email stand out to me is the next to last paragraph. The one where they say:
“…we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays.”
To paraphrase that fragment: “we figure it’s going to take us at least 3 days to clean out your credit card and get away. So please don’t bother us before then.”
Somewhat OT: On a more serious note, a friend of the family recently had her email account hacked (we don’t know how it happened but it did). The criminals who did this then proceed to send fraudulent emails to all the contacts in her address book asking for money. The good news is that she complained to the Live Mail folks about it and they were able to reclaim the account for her within 24 hours, so hopefully the damage is minimal. And she’s gone out and changed all her online passwords in case they figured out those passwords while they had access to her email. Live email also has an excellent “what to do when you think your account’s been stolen” resource which lays out the various options available when this happens. The local police department also pointed her to the FBI’s Internet Crime Complaint Center, it’s not clear if engaging them will make a difference (especially if the crooks are international) but it’s something.