CHICAGO - Millions use Amazon to shop, and many are used to receiving emails from the company. But the ABC 7 I-Team investigated emails that look like they could be from Amazon but are not.
Studies show phishing attacks are on the rise.
When I opened a recent email, I thought it was an alert from Amazon saying someone was trying to hack into my account. But when I took a closer look- I found out it was all fake.
The message was alarming. It said that I had entered the wrong Amazon password several times and that Amazon needed my personal information.
Phishing has been around forever, so why is it still a big problem?
"Because people are falling for it," said Shawn Kanady of Trustwave.
We showed my email to security experts at Trustwave.
"People aren't reading fully an email. They are seeing a logo so it's really easy to just see the logo and assume it's real, click the link and be done," said Kanady.
It asks me to click on this link to "make my account more secure."
But when you hover over that link, it is not an Amazon site, meaning I would be giving my Amazon account information to someone else or worse.
"Clicking on the link could take you to a malicious website that is going to install malware that can even further harvest banking credentials, other passwords that they might be able to find on your computer," said Kanady.
Look at the poor grammar, such as "We need more informations from you."
"Where you can see 'you've entered wrong password for many times.' Clearly there are grammatical issues there. Legitimate companies spend a lot of time building their emails. They have marketing departments that are designed to just craft emails without typos and grammar," said Kanady.
Amazon confirmed the email is not from them and has a section of its website devoted to warning customers about a flurry of phishing emails.
The email I received said the address it's being sent from is "Amazon.com," but watch, it's really another email.
Amazon said they will also never ask you for personal information or ask you to update payment information.
The same rules go for other legitimate companies.
Amazon has information to help identify if an email is actually from the company here.