Is this phishing?

George K
HOLY CARP!!!
George K
HOLY CARP!!!
Joined: August 4th, 2005, 8:24 pm

March 14th, 2016, 2:43 am #1

Got this email:
wrote:Hello,

At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your email address and password set was on that list. For your security, we have assigned a temporary password to your account.

You will need to reset your password when you return to the Amazon.com site. To reset your password, click "Your Account" at the top of any page on Amazon.com. On the Sign In page, click the "Forgot your password?" link to reach the Amazon.com Password Assistance page. After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.

Your new password will be effective immediately. We recommend that you choose a password that you have never used with any website.

Sincerely,

Amazon.com
http://www.amazon.com
Here's where it gets interesting:

I logged into my account through a new browser window, not using the links in the email using my OLD password, and it worked. Hmmm...seems they didn't reset my password after all. I changed it anyway (to something unique). Interestingly the email and all the links appear to be real Amazon links, and not a spoof.

http://amazon.com/ is the URL for all the links in the email.

Thoughts?
A guide to GKSR: Click

"Now look here, you Baltic gas passer... "
- Mik, 6/14/08


Nothing is as effective as homeopathy.

"There are 57 different genders, but politics is binary."
- David Burge, 7/29/18
Quote
Like

jon-nyc
HOLY CARP!!!
jon-nyc
HOLY CARP!!!
Joined: April 22nd, 2005, 8:47 pm

March 14th, 2016, 2:51 am #2

This woman claimed it was legit when it happened to her.

http://www.amazon.com/forum/kindle?_enc ... 2Z1OHI02AT
Clowns to the left of me, jokers to the right.
Quote
Like

jon-nyc
HOLY CARP!!!
jon-nyc
HOLY CARP!!!
Joined: April 22nd, 2005, 8:47 pm

March 14th, 2016, 2:52 am #3

Of course that isn't definitive.
Clowns to the left of me, jokers to the right.
Quote
Like

George K
HOLY CARP!!!
George K
HOLY CARP!!!
Joined: August 4th, 2005, 8:24 pm

March 14th, 2016, 2:57 am #4

jon-nyc wrote:This woman claimed it was legit when it happened to her.

http://www.amazon.com/forum/kindle?_enc ... 2Z1OHI02AT
wrote:Well Theresa - the easy way to tell was IF they actually changed your password for Amazon. Could you sign in on the Amazon site (here) with your old password? If so, it was BS
And I was able to sign in with my old password.
A guide to GKSR: Click

"Now look here, you Baltic gas passer... "
- Mik, 6/14/08


Nothing is as effective as homeopathy.

"There are 57 different genders, but politics is binary."
- David Burge, 7/29/18
Quote
Like

jon-nyc
HOLY CARP!!!
jon-nyc
HOLY CARP!!!
Joined: April 22nd, 2005, 8:47 pm

March 14th, 2016, 2:58 am #5

And she wasn't - read down the thread more.
Clowns to the left of me, jokers to the right.
Quote
Like

George K
HOLY CARP!!!
George K
HOLY CARP!!!
Joined: August 4th, 2005, 8:24 pm

March 14th, 2016, 3:00 am #6

jon-nyc wrote:And she wasn't - read down the thread more.
Yeah, I saw that.

Of course, that thread is about 5 years old, so who knows...
A guide to GKSR: Click

"Now look here, you Baltic gas passer... "
- Mik, 6/14/08


Nothing is as effective as homeopathy.

"There are 57 different genders, but politics is binary."
- David Burge, 7/29/18
Quote
Like

Copper
HOLY CARP!!!
Copper
HOLY CARP!!!
Joined: February 14th, 2007, 11:58 pm

March 14th, 2016, 3:03 am #7

Yes, based on the word choices I think it is. The obvious broken English these guys use is getting better but it is still not what it should be.

"You will need to "

I don't care if it is correct usage or not. If I see "need to" anything I figure it is a foreign hacker.

"We recommend that you choose a password that you have never used with any website." I think that is kind of an unusual thing to say, at least in that context.

Check the source of the links in the email to see where they really go.

"After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided. " I think that is strange, even if it is legit.



The Confederate soldier was peculiar in that he was ever ready to fight, but never ready to submit to the routine duty and discipline of the camp or the march. The soldiers were determined to be soldiers after their own notions, and do their duty, for the love of it, as they thought best. Carlton McCarthy
Quote
Like

George K
HOLY CARP!!!
George K
HOLY CARP!!!
Joined: August 4th, 2005, 8:24 pm

March 14th, 2016, 3:07 am #8

Copper wrote:Check the source of the links in the email to see where they really go.
I did that, and they go to http://amazon.com/

Not www.amazon.com

And yes, the syntax is odd: "as part of our routine monitoring", for example.

"email address and password sets posted online"

A guide to GKSR: Click

"Now look here, you Baltic gas passer... "
- Mik, 6/14/08


Nothing is as effective as homeopathy.

"There are 57 different genders, but politics is binary."
- David Burge, 7/29/18
Quote
Like

Red Rice
HOLY CARP!!!
Red Rice
HOLY CARP!!!
Joined: April 13th, 2007, 2:44 am

March 14th, 2016, 3:07 am #9

Sign in, go to Your Account, then go to Message Center, and see if Amazon sent you that e-mail.
Civilisation, I vaguely realized then - and subsequent observation has confirmed the view - could not progress that way. It must have a greater guiding principle to survive. To treat it as a carcase off which each man tears as much as he can for himself, is to stand convicted a brute, fit for nothing better than a jungle existence, which is a death-struggle, leading nowhither. I did not believe that was the human destiny, for Man individually was sane and reasonable, only collectively a fool.

I hope the gunner of that Hun two-seater shot him clean, bullet to heart, and that his plane, on fire, fell like a meteor through the sky he loved. Since he had to end, I hope he ended so. But, oh, the waste! The loss!

- Cecil Lewis
Quote
Like

Copper
HOLY CARP!!!
Copper
HOLY CARP!!!
Joined: February 14th, 2007, 11:58 pm

March 14th, 2016, 3:12 am #10

"After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided. "

Maybe they feed you this line hoping you go to the real Amazon.

Then they'll follow a day later with this email with the "personalized link" telling you to follow it.

Then they get you with the "personalized link".

The Confederate soldier was peculiar in that he was ever ready to fight, but never ready to submit to the routine duty and discipline of the camp or the march. The soldiers were determined to be soldiers after their own notions, and do their duty, for the love of it, as they thought best. Carlton McCarthy
Quote
Like

Axtremus
HOLY CARP!!!
Axtremus
HOLY CARP!!!
Joined: April 19th, 2005, 1:05 am

March 14th, 2016, 10:51 am #11

Check the email header ... may be clues there.
Good luck.
Quote
Like

Riley
HOLY CARP!!!
Riley
HOLY CARP!!!
Joined: September 2nd, 2005, 6:17 am

March 14th, 2016, 3:20 pm #12

Hmm if it's phishing I don't get what they could be doing if the link actually goes to Amazon.com.
Quote
Like

George K
HOLY CARP!!!
George K
HOLY CARP!!!
Joined: August 4th, 2005, 8:24 pm

March 14th, 2016, 3:29 pm #13

Red Rice wrote:Sign in, go to Your Account, then go to Message Center, and see if Amazon sent you that e-mail.
Interesting. No message there. They did acknowledge my password change, however.

Gets more interesting. D2 said that she got a spoof email from the email account I use at amazon.
wrote:Hello!

New message, please read http://sokhandani.com/spent.php

(variation of my name here)
The "from" in that email shows a variation of the name I use at that account, but the domain is correct. So, instead of being "banana@mydomain.com" it shows "bananas@mydomain.com".

I've changed password on that account, by the way at GoDaddy.

Any thoughts?
A guide to GKSR: Click

"Now look here, you Baltic gas passer... "
- Mik, 6/14/08


Nothing is as effective as homeopathy.

"There are 57 different genders, but politics is binary."
- David Burge, 7/29/18
Quote
Like

Aqua Letifer
HOLY CARP!!!
Aqua Letifer
HOLY CARP!!!
Joined: September 22nd, 2005, 5:23 pm

March 15th, 2016, 2:48 pm #14

George K wrote:Any thoughts?
You have Prime, yes?

I'd contact Amazon directly; they're usually pretty good about responding to Prime members. Definitely sounds like something's going on.
I cite irreconcilable differences.
Quote
Like