Monday 16 September 2013

Scam: Amazon complimentary £50.00 Gift Card

I looked at my inbox today and saw what initially looked like a very generous offer from Amazon - too good I thought... But the email looked pretty genuine - the to and from addresses were good (though full email headers revealed a potentially dubious return address), the graphics and wording seemed pretty good. The only odd thing was that they used a tinyurl.com redirection, which is something they don't normally do. Plus unfortunately tinyurl.com don't make it easy to find out where their links actually take you without clicking on them. So I clicked on it and it brought up a very good version of  Amazon's login page. The URL looked curious as it wasn't your normal 'http' scheme, it was a 'data' one (e.g. data:text/html;base64,PCFET0NUWVB...) which I'd not see much. What they have done is encode the entire page in the URL using 'base64' encoding. Looking at the links on the page they all seem genuine on the surface but they have added their own subverted javascript which would steal your login and password if you attempted to login. You can decode the base64 encoding to check, either by viewing source on your browser or just to make sure by copying the whole URL and running:
base64 -D -i amazon-scam.url -o amazon-scam.html
Fortunately a few people have twigged that it's a scam and there's a discussion on Amazon's help pages

So basically if something looks too good to be true - it usually is!