It’s going to be tough without having the real email in front of you. But we will go over everything that we can.
1. EMAIL ADDRESSES
Hackers can trick the “From” to give any name they want, if you hover your mouse cursor over the From name, or click on it, in most email services you’ll see the actual address pop up.You need to look for tricks like “amazon.something.com,” or “firstname.lastname@example.org” where Amazon isn’t the actual domain. Legitimate emails from Amazon will only end with “amazon.com”.
The links in the email aren’t to Amazon.com
If you had clicked on the link, there would likely be a spot for you to enter your Amazon username and password. Typing it in would have given the hackers full access to your Amazon account.
To spot this trick in real emails, hover your mouse pointer over the link. You’ll see the real link pop up. You could also right-click on the link, copy it and then paste it into a text document to see where it would really send you.
The hallmark of most phishing emails is the terrible use of the English language. Even in cases like this where the hackers take the time to get a template of a real Company’s email (although that security logo is an obvious addition).
Aside from how the email is constructed, pay close attention to what it asks you to do. It says that there was a security problem with your account and you need to click a button to log in. That’s a classic phishing attack from a hacker.
Any responsible company that’s sending out an unsolicited security notification will tell you to go to its website home page and log in to your account from there. It might tell you to call customer service with any questions. It won’t tell you to click a button or link, or download an attachment.
5. FINE PRINT
Because this template was stolen from a real Amazon email, the fine print doesn’t match up with the main body. Specifically, this line stands out: “Please note that product prices and availability are subject to change. Prices and availability were accurate at the time this newsletter was sent; however, they may differ from those you see when you visit Amazon.com.” Obviously, this was a deal or product notification email the scammers used, not a security email.