It's the most halfhearted phishing attempt we've seen in a while: Security company Malwarebytes has identified a new email scam trying to trick recipients into divulging the credentials to their "Amazoon" accounts.
Yes, you read that right. The email message comes from the address "amazoon [at] team [dot] fr" and the subject line reads "Verify Your Amazoon Account." The body of the message contains an Amazon logo and vaguely worded instructions to "confirm your account" by clicking on the hyperlinked word "Manage."
When cybercriminals steal someone's financial information or hijack an account, they're not usually "hacking." More often, they'll simply try to trick authorized users into divulging their own account-login credentials.
Usually, however, criminals try a little harder than this. Even without the obvious spelling mistake, these "Amazoon" emails contain all the phishing warning signs: a request to "confirm an account" for an unspecified reason; a vague threat that an account is about to be closed, again for an unspecified reason; a sender address on the wrong domain (in this case, team.fr instead of amazon.com); and an embedded hyperlink that seems like it should lead to Amazon's website.
Malwarebytes found that this link redirects to a fraudulent Web page that does a much better job of pretending to be the real Amazon. If you enter your Amazon-associated email address and password, you'll then be taken to a page claiming to ask for "Billing Address Verification": your full name, home address and phone number.
The page after that is no longer accessible. Malwarebytes' Christopher Boyd says that may be because the website's host took it down. He guesses the removed page probably asked users to share credit-card information.
You should always be very skeptical of unsolicited email messages, particularly those that seem to come from online services. Double-check the email addresses from which the messages were sent, and don't trust anything official that has spelling mistakes in it.
If you ever really need to check up on an online account, you should go to that webpage yourself by typing the URL into your browser, instead of clicking any links in emails.
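The warning signs described above (misspelled brand, wrong sender domain, link that leaves the brand's site) can be checked mechanically. The following is an added example, not code from Malwarebytes or the original article; the sample message is constructed from the article's description, the link host `phish.example` is a placeholder, and the function names and the 0.85 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND, BRAND_DOMAIN = "amazon", "amazon.com"  # assumption: the brand being imitated

# Constructed sample based on the article's description; the link host is a placeholder.
SAMPLE = """\
From: Amazoon <amazoon@team.fr>
Subject: Verify Your Amazoon Account
Content-Type: text/html; charset="utf-8"

<html><body><img alt="Amazon" src="cid:logo">
<p>Please confirm your account.</p>
<a href="http://phish.example/login">Manage</a></body></html>
"""

class LinkHosts(HTMLParser):
    """Collect the host name of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def on_brand_domain(host):
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def phishing_signs(raw):
    """Return the warning signs found in a single-part HTML message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    words = set(re.findall(r"[a-z]+", f"{display} {msg.get('Subject', '')} {body}".lower()))
    signs = []
    # Near-miss spellings of the brand ("amazoon") are a stronger signal than the brand itself.
    lookalikes = sorted(w for w in words if w != BRAND
                        and SequenceMatcher(None, w, BRAND).ratio() >= 0.85)
    if lookalikes:
        signs.append("lookalike brand name: " + ", ".join(lookalikes))
    if (lookalikes or BRAND in words) and not on_brand_domain(sender_host):
        signs.append(f"sender domain {sender_host} is not {BRAND_DOMAIN}")
    parser = LinkHosts()
    parser.feed(body)
    signs += [f"link points to {h}" for h in parser.hosts if not on_brand_domain(h)]
    return signs
```

A message that passes these checks is not thereby legitimate; they only catch the low-effort cases like this one.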