A new, realistic-looking phishing campaign is targeting Amazon customers.
Criminals are sending mass emails that appear to have come from Amazon and thank recipients for making purchases on Amazon's "Prime Day" back in July. The emails then invite recipients to go to the Amazon website to "write a review" and receive a special $50 "bonus" credit for doing so.
If users click the link in the email, however, they are routed to a criminal's clone of the Amazon site - not the real Amazon.com - and if they enter their credentials (i.e., their usernames and passwords) when prompted, a criminal will gain access to their accounts. Additionally, it is possible that the rogue site may install malware on computers or mobile devices being used to access it.
The email that I received is realistic looking - it even contains manual instructions in case one does not want to click the first link. But within the manual instructions the link to Amazon.com also routes to a bogus site - so following those instructions is not any safer.
If you ever receive an email allegedly from Amazon asking you to take any action, the safest way to do so is to ignore any links in the email and instead enter https://www.amazon.com in your web browser. Once you log in, you can access your orders, and communicate with customer service regarding any questions.
If you ever receive an email that you suspect is impersonating Amazon, you should also contact Amazon using the instructions on the site's report-phishing page.