Catch Of The Week: Your Prime Subscription Hasn’t Expired. That Email Is Lying.

By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post

You open your inbox and there it is. A slick-looking email from Amazon Prime Video. Your subscription has expired. Payment failed. Click the link below to renew. 

Panic sets in. You don’t want to lose your shows. You haven’t even finished watching “Sheep Detective”! That’s exactly what they’re counting on.

This week’s catch is a subscription expiration phishing scam, and it’s one of the most common lures in the phisher’s tackle box right now. The email looks legitimate. It has the Prime Video logo, a grid of familiar show thumbnails, and official-sounding details like a subscription ID number and an expiration date. It even lists today’s date, which makes it feel urgent and real.

But look closer.

The display name says “Gary Levy.” The subject line says “RE: Reservation,” which has nothing to do with a streaming subscription. There was no prior conversation. The “RE:” is fake, designed to make the email look like part of an ongoing thread so it feels familiar and slips past your suspicion.

And the actual sending address? mjonguezdem@outlook.fr. That’s a randomized username on a French Outlook account. Amazon sends account emails from addresses ending in @amazon.com. Not from a personal webmail account registered overseas with a string of random letters in the name.

Phishing email received by Rebecca Rutherford. Courtesy photo

The goal is to get you to click that blue button at the bottom. Where it goes is anyone’s guess. Probably a convincing fake login page harvesting your Amazon credentials, your payment information, or both.

Here’s how to protect yourself. Never click links in emails about expired accounts or failed payments. Instead, open a fresh browser tab and go directly to the company’s website. Log in there. If something is actually wrong with your account, you’ll see it. If everything looks fine, the email was fake.

Always check the actual sending address, not just the display name. Tap or click on the sender’s name to expand the full header. If the address behind the friendly name looks nothing like the company it claims to represent, you’re looking at a phish.

When in doubt, don’t click. Go directly to the source. Your binge queue will thank you. Have a question on cyber security? Let me know! Also catch my talk at the senior center at 1:30 p.m., July 14.

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems