Considering the sophistication of the scam e-mails that I've been receiving lately, there must be a huge black market in phishing, the practice of tricking people into revealing their passwords from ecommerce sites and banks.
A phony Amazon.Com e-mail I received last night is pretty convincing:
Dear Amazon member,
Due to concerns we have for the safety and integrity of the Amazon community we have issued this warning.
Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.
Please follow the link below:
and update your account information.
We apreciate your support and understanding, as we work together to keep Amazon market a safe place to trade.
Thank you for your attention on this serious matter.
Amazon Safety Department
The link had the Chinese hostname www.amazon.com.encrypted-inquiry.cn, which resolves to an IP address in Germany. Yesterday, a net abuse monitor reported on Usenet that it had a different IP address in Thailand. The site looks exactly like Amazon.Com and asks for your username, password and credit card information.
Never respond to an e-mail asking for your account or credit card information, no matter how official it looks. These are always scams, run professionally by criminals who will rapidly hit your accounts for everything they can get and are unlikely to ever be caught. Most operate outside the U.S., as this globe-trotting Chinese/German/Thai effort demonstrates.
Considering the importance of ecommerce, browser users need more help detecting these scams. I could tell that the host encrypted-inquiry.cn was suspicious because I am a domain name geek, and Amazon.Com would never use a host in China for American customers. A Microsoft program manager was not so lucky, falling for a similar e-mail because he had just ordered from Amazon.
The server monitoring company Netcraft offers a free Internet Explorer and Mozilla Firefox toolbar that warns users of known phishing sites, providing hosting information about each site you visit. When I installed it this morning, it already had the Amazon scam attempt in its database, alerting me not to visit before I loaded the page.
The toolbar displays detailed information about each site, revealing where it's hosted, what company controls the IP address, and how long it has been online. Toolbar links open detailed reports on each site.