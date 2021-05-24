Discovering a scam online can be very complicated, they are becoming more and more perfectionists, but with some tips it is easier to protect yourself from phishing emails like this one that has reached us.

Fake emails on behalf of large companies and institutions such as the Ministry of Labor or Amazon are the order of the day. Hackers are increasingly careful to deceive their victims, but users can also educate our eyes to detect those signals that alert us to the deception.

This week one of our colleagues from Computer Hoy received a fake email impersonating the Amazon brand. It is a very common scam for months that has appeared on other websites such as Maldito Bulo where they report fraud, but this has not prevented it from continuing to be used to deceive users.

We are going to analyze those little details that have helped us detect that it was a phishing email so that if you receive it in the future, you know how to analyze it and protect yourself from this type of campaign. The mail is well designed, but it is not without flaws that give them away.

If we read carefully, we see that the email contains spelling mistakes and uses incorrect expressions or mixes languages. For example, the first letter of “dear” is lowercase, when it should be uppercase. It also says “in Spain” and “your participation will be 100% reward”, instead of “in Spain” or “rewarded”. It may seem like very silly details, we all make a mistake from time to time, but this should make us hesitate and check the mail more carefully.

Other useful details are usually the subject or email address from which the email is sent to us. In that case the subject says “application accepted: May 23, 2021” (more misprints) and the address is “@ axocoffeehouse.com” which is obviously not from Amazon. The emails of this company always belong to an address ending in “@ amazon.es”, this domain assures us that the email is legitimate.

The same goes for email links. We should not pick on them because they can download malware onto the computer or take us to a fake page where, as in this case, they ask us to fill out a form with our data. As Amazon customers, the company already has our data, so it is strange that they request it. Placing the mouse over the button or link, we can see the url to which they intend to take us at the bottom of the window and thus verify that it is a false website without the Amazon domain or the corresponding https security.

These types of offers are also suspicious in which Amazon or any other company gives us a product as expensive as the Samsung Galaxy S21 in exchange for a simple survey and by mail. It is important to be suspicious of any offer or prize that reaches us in the mail, as it is a technique widely used by cybercriminals to attract our attention.

Can you tell a fake email from a real one? We explain the main signs to avoid being scammed online through an email.

Remember to check the messages very well before clicking on any link or downloading anything. Being informed of these techniques and the new campaigns that circulate on the web allows us to exercise our minds and detect these frauds faster. So, It is advisable to consult networks or search the internet for these offers to see if other users have reported this practice before and can give us tips to avoid falling into the trap.

If you get one or you think you have been the victim of an online scam (it can happen to anyone), contact the Internet Security Office (OSI) of the National Institute of Cybersecurity (INCIBE).