Amazon: It's Okay to Train You to Accept Phishing Messages

Amazon apparently thinks it’s okay to send you email asking you to click on a link and enter your credit card information. I confirmed with Amazon that the email shown below was in fact sent by them.

Also not good is that when I initially followed my own bookmarked link to Amazon web services account manag ement, I did not see this notice. Even on my payments page I didn’t see this notice, or a notice of any kind indicating that my payment method was not valid (except for the absence of a checkbox beside any of my still-listed credit card options, which did not clue me in). Since I haven’t changed credt cards recently this all smelled rather phishy. Amazon’s response instructed me that I needed to look at past billing history in order to see the notice.

I’m a fan of how Amazon runs their show, but here’s an area where they could accomodate a bit of improvement. I suggested in my inquiry that if this was a legitimate email from them, they needed to review their process. That suggestion was met with a non response.

Subject: Amazon Web Services Account Alert
From: Amazon Web Services
Date: Fri, Dec 10, 2010 at 4:21 PM
To: “xxx” xxx@xxx.com

Greetings from Amazon Web Services,

AWS was unable to charge your account based on the payment information you provided. To view your current charges please visit your AWS Account Activity page:

http://aws-portal.amazon.com/gp/aws/developer/account/index.html?action=activity-summary

From this page you’ll also be able to update your payment method or retry your failed charges.

If you feel you have received this e-mail in error, please reply to this message or send an e-mail to webservices@amazon.com.

Thank you for your interest in AWS.

Sincerely,

Amazon Web Services

This message was produced and distributed by Amazon Web Services LLC, 410 Terry Avenue North, Seattle, Washington 98109-5210

Comments