
Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

What does an Amazon phishing email look like?

Phishing emails are designed to elicit emotion, either to make you panic or jump at a time-limited opportunity. When it comes to Amazon, the panic-inducing ones are more common, like the extremely expensive purported Amazon Prime subscription notification I’m going to break down below.

Quick Safety tips

  1. Look closely at the sender’s email address.
  2. Hover your mouse over links to check the URL they come from.
  3. Always go directly to amazon.co.uk if you receive an unexpected payment notice – sign in and check Your Orders and Your Account to see past and pending payments.
  4. Enable two-factor authentication on your Amazon account so that, even if your password is compromised, the thieves won’t be able to get access.
  5. If you accidentally visit a phishing site, don’t panic: log in to your Amazon account on the real website and change your password as soon as you can. Remember to check for unrecognised purchases and secure your account via the Login & security settings.

This is a particularly simple spam email, lacking any Amazon logos or graphical content, but those aren’t the critical tells that show us this is a fake: phishing emails can and do come emblazoned with all kinds of corporate logos.

Nonetheless, it’s superficially convincing, listing Amazon.co.uk as the sender, from what looks, at first glance, to be an Amazon email address… or is it?

Read the From field closely, and you’ll see that it’s actually from auto-confirm@amaz0no10.co.uk – that alone is enough to show that this is a fake, but some phishing emails use more deceptive address spoofing, so let’s look for other clues.

Hover your mouse pointer over that Manage/Cancel Subscriptions link at the bottom, which the message’s author very much wants us to click on. In the bottom bar of your email client or in a floating box near your cursor, you’ll see a shortened URL from the bit.do service. The service itself is entirely neutral, albeit currently popular with phishing attacks, but the very presence of a shortened URL is a red flag in an email of this kind.

If you’d like to check the contents of a shortened URL, a number of online services will expand it to show you the real URL it leads to. CheckShortURL does an effective job of this.

It even tries to take a screenshot of the site you’re being sent to, although it hasn’t succeeded in this case. The shortened URL links directly to an IP address, which is home to a faked-up Amazon login page that, if you’re panicking about a large and unexpected bill, is just convincing enough to trick you into entering your username and password, to be used or sold by the thief.
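The three tells walked through above (a lookalike sender domain, a shortened link, and a link to a bare IP address) can also be checked mechanically. The sketch below is an added example, not part of the original article: the expected-domain list, the shortener list, the flag names and the sample URLs are assumptions made for illustration.

```python
import ipaddress
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example, not taken from the article:
EXPECTED_DOMAINS = {"amazon.co.uk"}                     # where genuine mail and links should point
SHORTENER_HOSTS = {"bit.do", "bit.ly", "tinyurl.com"}   # small sample; bit.do is the article's

def _is_expected(host):
    # Exact match or true subdomain only, so "amazon.co.uk.example.net" fails.
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def sender_flags(from_header):
    """Flag a From header whose address domain is not an expected one.
    A matching domain is not proof of authenticity: From can be spoofed."""
    _display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    return [] if _is_expected(domain) else ["sender-domain-mismatch"]

def link_flags(url):
    """Flag shortened links, links to a raw IP address, and non-Amazon hosts."""
    host = (urlsplit(url).hostname or "").lower()
    flags = []
    if host in SHORTENER_HOSTS:
        flags.append("shortened-url")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass  # host is a name, not an IP literal
    if not _is_expected(host):
        flags.append("not-amazon-host")
    return flags

def triage(from_header, urls):
    """Collect the flags for one message: its From header and each link."""
    report = {"From": sender_flags(from_header)}
    report.update({u: link_flags(u) for u in urls})
    return report

# Constructed sample: sender address as quoted in the article, URLs invented.
SAMPLE_FROM = '"Amazon.co.uk" <auto-confirm@amaz0no10.co.uk>'
SAMPLE_URLS = [
    "http://bit.do/EXAMPLE",             # constructed shortened link
    "http://203.0.113.25/signin",        # constructed, documentation-range IP
    "http://amazon.co.uk.example.net/",  # constructed lookalike host
    "https://www.amazon.co.uk/",
]

if __name__ == "__main__":
    for item, flags in triage(SAMPLE_FROM, SAMPLE_URLS).items():
        print(f"{item}: {', '.join(flags) or 'no flags'}")
```

An empty flag list only means none of these three tells fired; it does not mean the message is genuine.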


For further information on common phishing tactics, see Amazon’s own guide, which includes contact details for Amazon’s spoof email reporting service and additional information about phishing phone calls and text messages.
