Strange Messages from Amazon.com
Philippe Verdy
verdy_p at wanadoo.fr
Sat Jan 20 01:32:22 UTC 2007
From: "Robin 'Roblimo' Miller" <robin at roblimo.com>
>>
>> What is happening is that some spammer sends an email with a return
>> address here - and it ends up hitting one of Amazons servers - so that
>> server bounces it.
>
> Quite likely. As the "complaint department" for OSTG sites, I get a lot
> of "STOP SPAMMING ME OR I'LL DO SOMETHING TERRIBLE TO YOU" emails,
> including many that claim they're getting emails from our site alias
> email addresses that have no outbound capability.
>
> Using a fake email return address is a typical spammer "deflect the
> anger" trick. Here's a Wikipedia entry on the topic:
> http://en.wikipedia.org/wiki/E-mail_spoofing
You're not alone: I have also received email from Amazon.com's autoresponder confirming a request that I would have made regarding my account depsite I have NO account on any Amazon service.
This is clearly a spam attack, trying to find which known email users have an Amazon account, and forcing Amazon to process requests for them (such as trying to steal their password through automated recoverry by email,before stealing vendor data, customer money, bank accounts...).
This is certinaly part of a large scale phishing attack. That's why I have signaled it to Amazon (using their abuse report form, but without creating an account on their service).
More information about the License-discuss
mailing list