Ceci est une ancienne révision du document !
In FCM#188 (December 2022), a ‘My Opinion’ article by Erik concerning security and how to be safe on your computer, was published. When I read it (actually, I probably translated it for the French magazine), I felt as though I was pretty safe, according to his guidelines, although having a password for every important email address (doctor, dentist, etc) is beyond me in my senior years.
Because of a recent experience, I have become far more humble. On the 19th of June, I received an email from Amazon thanking me for having subscribed to Amazon Prime after my trial month and telling me that the subscription would go into effect on the 21st for 49.95 euros per year. If, however, I wanted to cancel it, I had only to click on the typical yellow Amazon button to go to a website (the address of which was Amazon.fr (plus a whole bunch of weird letters), and go through the moves.
It is true that, after ordering something a bit before, I had found that I had somehow subscribed to a trial month of Amazon Prime, BUT, as far as I knew, I had immediately canceled its conversion into a true subscription. For that reason, the email sent to my email address for Amazon disturbed me no end. The sender (Amazon Prime) looked legitimate. The cancellation button looked legitimate. And so I clicked on it and found myself faced with another “legitimate” yellow button with a contextual menu that gave various choices of my reason for a cancellation. And I picked one – something like My Subscription was a mistake…
Then I gave my name, my address, and my PASSWORD to Amazon. Can you believe this? When I think about it, I certainly can’t. On the right, there was a space to fill out my credit card information. Above that, there was a spiel as to how protected this was, encrypted, and so on and so forth. At the top of the space to fill in, was the right expiration date for a Visa gift card I had registered with Amazon. So I went to get my “real” Visa card. They requested, not only the number, but also the expiration date and that three-digit number on the back. What could that possibly be for (ha ha ha)?
My mind finally kicked in and I realized that this whole thing definitely couldn’t be legitimate, so I erased everything and stopped. Thank goodness! I then went onto my legitimate Amazon account where there was no mention at all of Amazon Prime. On the other hand, on one of the pages, I found that Amazon said clearly that they would never request either your password or your credit card number. (Of course you register a number to pay for legitimate purchases, but that is quite a different kettle of fish.)
Tip number one: If you get any unexpected request in an email “from Amazon”, begin by going onto your own bona fide Amazon account. Yes, I know, I’m assuming you do have an account on Amazon, but it’s so convenient that many people do these days.
Tip number two: If your email account has a site for your emails as webmail (mine is on Zimbra), go there and check out the email you just received. When I did that, it turned out that the message that looked totally legitimate came from a really strange address in, of all places, Japan.
My next task was informing Amazon of this. It took a while to navigate through their pages, but I finally came to one where an address was given: stop-spoofing@Amazon.com so, as requested, I sent them the full weird URL that was purportedly theirs. They have since thanked me for letting them know and reminded me to change my password to their site.
Interestingly enough, when I went onto Amazon for the first time since the mess, I had to go through a session of, not double, but triple, authentication so I think I can assume that they took my report quite seriously.
I know that this article is not about Ubuntu, but I felt it was worth writing so that none of our readers who are wholly confident in their security measures will fall into the same well-wrought trap that I did. It was an awful, guilt-making, experience, and one that you definitely want to avoid.