Is the account update Amazon notification real or a form of scam?
I just got either a helpful security update from Amazon or an advanced phishing attempt by an Amazon impersonator falsifying the email origin. The title is "Your Amazon password has been changed".
There seem to be mixed claims about the validity of this online. One of the articles I'll cite mentions that in his version of this email, each mention of "Amazon.com" is formatted as a link. The article doesn't mention verifying the target of the link and unfortunately (or fortunately) my email client (Yahoo mail) seems to have removed this link from the text, perhaps to combat such phishing attempts. I'm not worried about being in danger myself, but I thought it would be good to create this question for people searching Google about this email today to learn about the validity of it or lack thereof.
The email reads: Hello, At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your Amazon.com account out of an abundance of caution.
You will need to reset your password when you return to the Amazon.com site. To reset your password, click "Your Account" at the top of any page on Amazon.com. On the Sign In page, click the "Forgot your password?" link to reach the Amazon.com Password Assistance page. After you enter your email or mobile phone number, you will receive an email containing a personalised link. Click the link from the email and follow the directions provided.
Your new password will be effective immediately. We recommend that you choose a password that you have never used with any website. You can also enable Amazon's Two-Step Verification, a feature that adds an extra layer of security to your account. In addition to entering your password, Two-Step Verification requires you to enter a unique security code during sign in. To learn more about Two-Step Verification, go to Amazon.com Help, go to Managing Your Account, and click More in Managing Your Account, and then click More under Account Settings.
Sincerely,
Amazon.com http://www.amazon.com
This email was sent from an address that cannot accept incoming e-mail. To contact us, please visit the Help section of our website.
A quick Google search of the first paragraph returns one article claiming the email is a valid security measure from Amazon, while the other claims it to be a phishing scam. Which is it?
One comment reports they contacted Amazon about the email and received this response:
Hello,
The e-mail/SMS message you received wasn't from Amazon.com. For your protection, do not respond to it, and do not open any attachments or click any links it contains.
We recommend that you send a new email/SMS message and attach the email/screenshot of the message you suspect is a fake, then send the email to stop-spoofing@amazon.com.
However another comment claims: My wife got this email also. I contacted amazon through my account and we were able to confirm that this was indeed really from amazon and that they did scramble passwords.
I've just received a similar account update Amazon notification and the email appears legit. I was searching for information on what list it would be to know what else might have been affected.
It has the right headers in authentication:
Received-SPF: pass (google.com: domain of 2016061614470736b293d09e3b4022b187117dcb50p0eu@bounces.amazon.co.uk designates 176.32.127.205 as permitted sender) client-ip=176.32.127.205;
Authentication-Results: mx.google.com;
dkim=pass header.i=@amazon.co.uk;
dkim=pass header.i=@amazonses.com;
spf=pass (google.com: domain of 2016061614470736b293d09e3b4022b187117dcb50p0eu@bounces.amazon.co.uk designates 176.32.127.205 as permitted sender) smtp.mailfrom=2016061614470736b293d09e3b4022b187117dcb50p0eu@bounces.amazon.co.uk;
dmarc=pass (p=QUARANTINE dis=NONE) header.from=amazon.co.uk
The email is also text/plain, there's no links and other stuff so seems like it's legit.
My email was slightly different and had no link at the end:
Hello Manuel Sousa,
This is an important message from Amazon. At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your email address and password set was on that list. So we have taken the precaution of resetting your Amazon password. We apologise for any inconvenience this has caused but felt that it was necessary to help protect you and your Amazon account.
To regain access to your Amazon customer account:
- 1. Go to Amazon and click the "Your Account" link at the top of our website.
- 2. Click the link that says "Forgot your password?"
- 3. Follow the instructions to set a new password for your account.
Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you choose a password that you are not using on any other sites. We look forward to seeing you again soon.
Sincerely, Amazon Please note: this email was sent from an address that cannot accept incoming e-mail. To contact us about an unrelated issue, please visit the Help section of our website.Also, my password at amazon had been disabled and I had to reset it.