If you've come across any order confirmation emails from Hotels.com, Google Play or Mastercard in your inbox recently, they weren’t sent by hackers even though you might have thought so at first glance.
As reported by BleepingComputer, these emails were actually sent by Amazon over the weekend, which lead to a lot of concussion surrounding these fake purchases.
According to a post on Reddit, one user received three gift card emails in a row from the company. However, when they went to check their Amazon Prime account, none of the orders were there. Others took to social media to share similar stories about the barrage of order confirmation emails they received.
Several staff members at Tom’s Guide also got one of these emails. In the example above, you can see that this order confirmation email was for Google Play gift cards that were allegedly purchased off of Amazon. However, like the rest of the recipients of these emails, we also didn’t order anything from Amazon.
If this was a phishing email though, the “See more information” button would have likely led to a malicious site designed to steal our credentials and other sensitive personal and financial information. Instead though, the button links to a page on Amazon.com with more information on some of the most popular Amazon scams out there.
In a statement to BleepingComputer, an Amazon spokesperson explained that this email and others like it were sent out by mistake as the result of a glitch in its system and that the company will be contacting all impacted customers. The error has now been fixed and something like this won’t likely happen again.
How to stay safe from email-based threats
While these fake order confirmation emails from Amazon weren’t sent by hackers, they still highlight why you need to be careful when checking your inbox. At the same time though, hackers and other cybercriminals could leverage this mistake to send out similar messages in which they pose as Amazon, hoping people will click on their malicious links or download any attachments their emails contain.
For this reason, you need to be cautious when dealing with emails from unknown senders, especially when they try to instill a sense of urgency in order to get you to click, call or take other actions. Hackers often use unpaid invoices in their scams but instead of responding or calling a number in the email, you should first check your account on the store’s website to make sure that you didn’t really purchase what they claim you did.
In these emails themselves, you want to be on the lookout for poor spelling and bad grammar as these are both major red flags. Likewise, you should examine the sender’s email address as Amazon or any other large company wouldn’t email you from a Gmail account as they all have their own email systems.
For further protection, you should also consider installing the best antivirus software on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your smartphone. Phishing emails often contain malware or lead you to sites distributing viruses, so using an antivirus alongside good judgement is one of the best ways to stay safe from hackers.
Now that Amazon has claimed responsibility for these fake order confirmation emails and fixed the glitch that caused them in the first place, you likely won’t see any more of them arrive in your inbox.