<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><> ~<>~<><>~<>
>From Russia With Guile, The Amazon Scam
<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><> ~<>~<><>~<>

A new Amazon scam lurks in a wave of phishing emails launched
by Russian identity thieves.

Several variations of the spoof email have been identified but
they all have the same intention of trying to trick victims
into giving away their Amazon ID and password.

Armed with these, the scammers order items from Amazon on the
victim's account, since many users also store their credit
card details online with the retailer, so they don't need to
be re-entered.

They may also try to change victims' registered email
addresses so Amazon's confirmation of the purchase goes to the
crooks rather than the account holders, though Amazon will
normally notify you of any attempt to change your address.

Ironically, the most common version of this Amazon con is, in
fact, a bogus confirmation of a change in your registered
email address.

Bearing the Amazon logo, it is sent to your existing address
and is headed "Verify Your New Email Address." However, it
doesn't say what this new address is supposed to be.

Instead, you're invited to click a "Confirm" button or a link
that appears to be "http://clicks.aweber.com/y/ct/?l=76C...NqYx4OAFxkWE2w" but, in both cases,
they take you to a bogus Amazon site in Russia that asks you
to key in your password.

In other variations of this Amazon scam, the spoof email seems
to be either a shipping notification or a cancellation
confirmation for an item you didn't order.

Again, the crooks hope that, on realizing you haven't placed
such an order, you'll click on a link that takes you to the
same bogus Amazon page in Russia.

Just to make things worse, once they have a victim's sign-on
information, they'll try it out on other sites, since many
people use the same details and passwords for several
retailers.

To avoid this type of phishing email, the most important thing
is never to click on links inside such messages. Don't even
attempt to copy and paste the links into your browser address
bar.

Instead, open your browser (e.g., Internet Explorer, Firefox,
Google Chrome or Safari) and type in the online store's
address (e.g., www.amazon.com), sign on there and go to "Your
Account" or "My Account" or something similar.

There you can check any details about email addresses and
orders. You can forward scam emails to
stop-spoofing@amazon.com.

Amazon also has a helpful guide on email identification.

http://clicks.aweber.com/y/ct/?l=76C...heYVh2tSH9b2AQ

As a further precaution, you can also delete any of your
credit card details the retailer holds. And, of course, make
sure you use a different password for each online account you
use.

For more about passwords, check out these earlier Scambusters
issues.

http://clicks.aweber.com/y/ct/?l=76C...P1ub7S7eor80ng

http://clicks.aweber.com/y/ct/?l=76C...3.fgjwLcpVrBiA


New Counterfeit Checks Scam

Though there's not a lot you can do to prevent it, readers
should be aware of a major hack attack that could result in a
hit on their bank accounts.

Scammers have found the perfect way to forge what appear to be
genuine checks, drawn on victims' banks and seemingly signed
by them.

Once again, the crooks seem to be based in Russia. According
to reports from the Associated Press, they hacked their way
into three companies that provide a check scanning service for
banks.

These companies generate images of the checks we write, so
people who use online banking services can review them online.

Just think about it. Those checks contain bank account names
and numbers, bank details (like routing numbers), home
addresses and, worst of all, signatures.

After downloading them, the crooks use software to create
identical new checks, with forged signatures. Usually, they're
made out for just less than $3,000, which is the threshold for
banks to query and verify withdrawals.

Using this technique, they may already have gotten away with
an estimated $9 million and, although the three firms involved
have now tightened security, the crooks still have thousands
of account details and may be targeting other check scanners.

They pass the forged checks to "mules," recruited via
work-from-home ads, who cash them, keeping a small percentage
for themselves, then send the remainder through untraceable
money-wiring services.

For now, it seems that the stolen check images and the
counterfeits have mainly been drawn on business bank accounts
rather than those of individuals, but security experts are
convinced the crooks will try other online check archiving
services.

A list of the compromised accounts has not been released but
more than 200,000 check images are said to have been stolen.

If you're a small business, one way you can avoid falling
victim to this scam is to set up a "positive pay" arrangement
with your bank.

Under this process, you send your bank a list of checks you've
issued each day and they are the only ones the bank will
honor.

For individuals, the best thing you can do is to monitor your
bank account online every day, to review and confirm any check
payments you've made.

If there's something there you don't recognize, contact your
bank immediately. Normally, if you notify them and are able to
show you did not issue the check, the bank will cover the
loss.

And, of course, looking for big-paying, easy-money,
work-from-home schemes, remember that there's no such legal
thing.

You can read about the "Top 10" tips to avoid being taken by
work at home scams in a previous Scambusters issue:

http://clicks.aweber.com/y/ct/?l=76C...7iLF4Yn.fQQ20A

If you're asked to cash a check and wire part of the money to
someone else, it's almost certainly a scam.


Hotels Are Card Hackers Top Targets

Finally, on the theme of hacking and making a regular check of
your online accounts, comes the disclosure that almost 40% of
stolen credit card data comes from hotels.

They make a good target because they often use external
companies to manage their computer systems, including credit
card processing.

Careless "techies" at these external firms sometimes leave the
digital door open to the hotel systems, enabling hackers to
come in and steal customers' credit card information.

Prevention is down to the hotels themselves but, from a
customer/guest point of view, the crime underlines again the
vital importance of regularly monitoring your account.

According to a recent report in the newspaper USA Today, banks
and credit card companies are now thinking of asking customers
to check their online accounts every day.

Maybe you want to get a jump on them and start right now! It
makes sense, too, to regularly monitor your accounts with
online retailers.

Even though you're now wise to the Amazon scam, if someone
gets your card details from a hotel hack, guess where they
might go to use it?

That's it for today -- we hope you enjoy your week!