Android and ID Theft – Beware of Emails containing Fake Amazon Orders on Your Smartphone

I received an email this morning on my Samsung Epic that my new Airport Extreme 802.11N router had just shipped from Amazon.  Problem is, I did not order this item.  The email was a fake.  The email did not contain a virus itself, but the links in the email pointed to a compromised site that could deliver a dangerous payload.  This is the text of the email (don’t worry – the links have been disabled!):

Subject:     Your Amazon.com order of “Airport Extreme 802.11N (5TH GEN)” has shipped!
Date:     Tue, 9 Jan 2012 15:35:50 +0100
From:     XXXXXXXXX
To:     XXXXXXXXX

Hello,

Shipping Confirmation
Order # 841-4430560-8707730

Your estimated delivery date is:
Thursday, January 12, 2011

Track your package Thank you for shopping with us. We thought you’d like to know that we shipped this portion of your order separately to give you quicker service. You won’t be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.

Shipment Details

Airport Extreme 802.11N (5TH GEN) $119.95
Item Subtotal: $119.95
Shipping & Handling: $0.00
Total Before Tax: $119.95
Shipment Total: $119.95
Paid by Visa: $119.95

You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.

Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.

We hope to see you again soon!
Amazon.com

I have received plenty of fake orders before.  But, since I am reading more emails on my smartphone, these spoofing emails are tougher to detect.  Android email clients can simplify such emails in a preview to make them look just like the real thing, especially if your orders are through an Amazon Partner or Amazon Marketplace vendor who sends non-Amazon-generated emails.

Think before you Click!

My first instinct was to click on one of the links to see the order.  On my smartphone, this link would have opened my default web browser.  It could have attempted to download a Trojan or just directed me to a fake Amazon site to collect info for an ID theft.  Even if you are running an anti-virus program like Lookout, your smartphone may not be protected against all possible threats.  You need to think before you click on the link!

Log into your Amazon account through your web browser or smartphone App.

You need to verify that this order did not ship.  Log into your Amazon account through your web browser or your smartphone App.  AGAIN – do NOT click on the links in that email!  One give-away was the wacky order number in the email.  My fake order number was 841-4430560-8707730 which is not even a valid Amazon number.

Contact Amazon about the fake email.

Yes, you can actually speak to someone at Amazon.  Log into your Amazon account through your web browser and scroll down to the bottom of the page.  Click the Help link. On the next screen, you will see a Contact Us button.  You will need to answer three questions to be directed to the correct Amazon rep.

Just select the following answers:

1.  What can we help you with?  Something else.
2.  Tell us more about your issue?  Unknown charge.
3.  How would you like to contact us?  You will now have the option of an email, a phone call or an online chat.

It’s even easier on your Amazon App for Android.  Just click Help at the bottom of the first screen and click Call Customer Service.

Tell the Amazon rep that you want to report a fake Amazon order and they will send you an email with instructions to report the “spoofing”.  You should always report such spoofings to stop these threats as soon as possible!

Delete the email and empty your trash!

Today you will remember that the email contained a fake order.  A few weeks down the road, you may not.  Better to get rid of the spoofing email to prevent a future problem.

Run a full virus scan on both your desktop and your smartphone!

Better to be safe than sorry.  Anti-virus programs like Norton or Symantec have Quick Scan options.  If you do not have time for a full scan, you need to at least run a Quick Scan.  Smartphone Apps like Lookout also have Scan options.  These tend to be quicker since your smartphone has less storage so there is less to scan.

Is your smartphone’s WIFI connection secure?

Do you use free WIFI hotspots at Starbucks?  If so, your connection is vulnerable to an attack.  I just installed a new Android App from Gurke Development called Wifi Protector.  It automatically screens your WIFI connection for signs of WIFI sniffing attacks (ARP spoofing/caching, DoS and MITM session hijacking).  It is only active when your WIFI is enabled and does not seem to be a battery drain.

Beware of unsolicited calls from “recruiters”.

As I was writing this article, I received an unsolicited call from a “recruiter”.  This person was conducting a candidate screening for a job within my area.  However, she would not identify her client (the company with the job).  It just so happens that I installed the Mr. Number App on my Android smartphone, which automatically runs a Caller ID check on the incoming call (as long as you have a WIFI connection).  The “recruiter” claimed to be from a company in California, which was different from the Caller ID results.  Coincidence?  Possibly.  But, it’s better to play it safe.  You can also use Mr. Number to automatically screen incoming calls or block calls/texts from phone numbers listed in their SPAM database.

If you take away one thing from this article, let it be this – Think first before you click!  You can receive a dangerous email from anyone.  (Remember the classic “ILOVEYOU” virus which worked its way through an infected person’s contact list.)  Spoofing is even more dangerous since its goal is ID Theft and your smartphone (with a web browser) is an easy target!

3 thoughts on “Android and ID Theft – Beware of Emails containing Fake Amazon Orders on Your Smartphone”

  1. Rule 1: If you need to check on an order status, log into the site directly and check your pending orders. Don’t use an email link even if you think it’s legit.

    Rule 2: If it is a legit email, it will typically have some identifying info (your account number, your billing/shipping address) beyond the email address they are phishing you with.

    Rule 3: Many phishing emails use random number generators that don’t even add up: Item 1: $100, Item 2 $100, Shipping $50, Total: $1400.00.  If it doesn’t add up, it doesn’t add up. 😉

    JP

  2. I am glad I read this. I got an email from “Amazon.com” on my laptop this morning telling me that my order was cancelled. I never placed this order! Luckily, I did not click on the link in the email. I just happened to see this post and followed the instructions. I selected the phone call option and they called me right away. They thanked me for reporting this and they confirmed that the email did not come from Amazon.com. Thanks for a useful and timely article!
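The give-aways discussed in the article (links that do not go to Amazon, a delivery date a year before the email was sent) and JP’s Rule 3 (totals that do not add up) can be turned into a mechanical check.  The following is an added example, not code from the post or from Amazon; the sample email is constructed from the spoof quoted above, with a placeholder tracking link because the original links were disabled:

```python
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the spoof quoted in the post (link target is a placeholder).
SAMPLE = """Date: Tue, 9 Jan 2012 15:35:50 +0100
Your estimated delivery date is:
Thursday, January 12, 2011
Track your package: http://tracking.example.invalid/841-4430560-8707730
Airport Extreme 802.11N (5TH GEN) $119.95
Item Subtotal: $119.95
Shipping & Handling: $0.00
Total Before Tax: $119.95
Shipment Total: $119.95
"""
TOTALS = ("Item Subtotal", "Shipping & Handling", "Total Before Tax", "Shipment Total")

def check_order_email(text, brand_domain="amazon.com"):
    """Return the red flags found in an order-confirmation email ([] means none)."""
    flags = []
    # Rule 1: every link should land on the brand's own domain, never elsewhere.
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = re.sub(r"^https?://", "", url).split("/")[0].split(":")[0].lower()
        if host != brand_domain and not host.endswith("." + brand_domain):
            flags.append(f"link to non-{brand_domain} host: {host}")
    # A delivery date earlier than the Date header cannot be genuine.
    sent = re.search(r"^Date:\s*(.+)$", text, re.M)
    deliv = re.search(r"delivery date is:\s*\n\s*(.+)$", text, re.M)
    if sent and deliv:
        sent_on = parsedate_to_datetime(sent.group(1).strip()).date()
        deliv_on = datetime.strptime(deliv.group(1).strip(), "%A, %B %d, %Y").date()
        if deliv_on < sent_on:
            flags.append(f"delivery date {deliv_on} precedes send date {sent_on}")
    # Rule 3: line items, subtotal, shipping and totals must add up (compared in cents).
    amounts, items = {}, 0
    for label, dollars in re.findall(r"^(.+?):?\s+\$(\d+\.\d{2})$", text, re.M):
        cents = int(dollars.replace(".", ""))
        if label in TOTALS:
            amounts[label] = cents
        else:
            items += cents
    if "Item Subtotal" in amounts and amounts["Item Subtotal"] != items:
        flags.append("item subtotal does not match the sum of line items")
    if all(k in amounts for k in TOTALS):
        expected = amounts["Item Subtotal"] + amounts["Shipping & Handling"]
        if amounts["Total Before Tax"] != expected or amounts["Shipment Total"] != expected:
            flags.append("totals do not add up")
    return flags
```

Calling check_order_email(SAMPLE) reports the off-domain link and the impossible delivery date; a genuine confirmation with on-domain links and consistent dates and totals returns an empty list.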
