Amazon unintentionally dispatched purchase confirmation emails regarding Hotels.com, Google Play, and Mastercard gift cards, causing concern among customers about the security of their accounts.
These emails were distributed last evening. Customers claimed they received a trio of separate messages from Amazon Prime, each pertaining to a supposed gift card purchase. Nonetheless, these purchases were absent from their Amazon Prime accounts. One Reddit user mentioned, “I was baffled when I got three consecutive gift card emails from Amazon (email@example.com).” This sentiment echoed across the platform, with multiple Amazon users affirming similar experiences.
The matter was also widely discussed on various social media channels. Notably, cybersecurity expert Mike Grover, known as MG, posted screenshots of the emails in question on platform X.
These emails bore subject lines like “Crucial details regarding your Hotels.com gift card order” and originated from the address firstname.lastname@example.org.
The email content began with, “We appreciate your purchase of Hotels.com gift cards via Amazon.com.” It further cautioned customers about potential scams involving renowned brand gift cards and offered more insights on the topic.
It read: “Numerous deceptive schemes exist where swindlers aim to dupe individuals into paying using popular brand gift cards. For a deeper understanding of frequent deceptive tactics involving gift card payments, please tap the button below or reach out to us directly.”
The provided ‘See more information’ button directs users to an Amazon.com page elaborating on how gift cards often become instruments of digital fraud.
An examination of the email’s technical details confirms its origin. The headers reveal the use of Amazon Simple Email Service (SES), along with successful DKIM and SPF authentication. This suggests that these emails genuinely originated from Amazon.
Though there hasn’t been an official response from Amazon’s PR team, a representative from their support team informed BleepingComputer that the emails were erroneously dispatched to their entire customer base.