Amazon Mistakenly Sends Out Gift Card Confirmations

Reading Time: ( Word Count: )

October 1, 2023
Nextdoorsec-course

Amazon unintentionally dispatched purchase confirmation emails regarding Hotels.com, Google Play, and Mastercard gift cards, causing concern among customers about the security of their accounts.

These emails were distributed last evening. Customers claimed they received a trio of separate messages from Amazon Prime, each pertaining to a supposed gift card purchase. Nonetheless, these purchases were absent from their Amazon Prime accounts. One Reddit user mentioned, “I was baffled when I got three consecutive gift card emails from Amazon (store-news@amazon.com).” This sentiment echoed across the platform, with multiple Amazon users affirming similar experiences.

The matter was also widely discussed on various social media channels. Notably, cybersecurity expert Mike Grover, known as MG, posted screenshots of the emails in question on platform X.

These emails bore subject lines like “Crucial details regarding your Hotels.com gift card order” and originated from the address store-news@amazon.com.

Also Read: FBI Flags Escalating Trend of Paired Ransomware Threats

Amazon Mistakenly Sends Out Gift Card Confirmations

The email content began with, “We appreciate your purchase of Hotels.com gift cards via Amazon.com.” It further cautioned customers about potential scams involving renowned brand gift cards and offered more insights on the topic.

It read: “Numerous deceptive schemes exist where swindlers aim to dupe individuals into paying using popular brand gift cards. For a deeper understanding of frequent deceptive tactics involving gift card payments, please tap the button below or reach out to us directly.”

The provided ‘See more information’ button directs users to an Amazon.com page elaborating on how gift cards often become instruments of digital fraud.

An examination of the email’s technical details confirms its origin. The headers reveal the use of Amazon Simple Email Service (SES), along with successful DKIM and SPF authentication. This suggests that these emails genuinely originated from Amazon.

Though there hasn’t been an official response from Amazon’s PR team, a representative from their support team informed BleepingComputer that the emails were erroneously dispatched to their entire customer base.

Lucas Maes

Lucas Maes

Author

Cybersecurity guru, encryption wizard, safeguarding data with 10+ yrs of IT defense expertise. Speaker & author on digital protection.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *