I received 4-5 of these messages recently and they’re a phishing scam.
“We are unable to validate important details about your Amazon WebServices (AWS).
Please Confirm Your Information To Remove Account Limit Restriction.”
Here’s what I see that tips me off that this is a phishing email:
- The bad English. About my AWS? Or… About my AWS account? That latter is better English and what I would expect from Amazon.
- It’s not “Amazon WebServices” but “Amazon Web Services” and I don’t think Amazon would make that mistake.
- It’s not from Amazon. This one is from “GJTmisq@essiongard.asawsamazses.com” and what the heck is “asawsamazses.com”?
- The message is actually an image, not text. This is one way they try to get past phishing screening – by putting the text in an image where a computer program can’t really read it.
- The Reply-To is “reply_to@variety.com” and… why? What does that have to do with Amazon?
- Why would this text have the first letter of every word capitalized? “Please Confirm Your Information To Remove Account Limit Restriction.” That’s not correct.
- And “Confirm AWS” – what? How do I confirm Amazon Web Services? I can confirm my account but I cannot confirm AWS. This is off.
- The link goes to: https://amazonoginaws.s3.amazonaws.com/cvefbfgbf.html and that’s a little tricky but I clicked on that and got a “Deceptive Site Alert” – so, what they’ve done is set up a deceptive site on Amazon Web Services. Amazon should take care of this since it’s a phishing site on their network.
English is not an easy language to learn. If you’re a native English speaker, be thankful. It’s very easy to make mistakes. If you didn’t do well at English in school or don’t know the rules, you might struggle with this part, which does give me a lot of clues.
I also know that “details” is word that Indians love for some reason, so I suspect this came from India.
Get Phishing Scam Protection
I also set up phishing protection for all devices on my network. Setting it up just took 5 minutes, so it’s very easy. You do it once, and you’re set. It doesn’t protect against everything but every bit helps.
Go check out the solution here and let me know what you think.
