Oops! Amazon Sparks Hacking Panic After Mistakenly Emailing Gift Card Receipts
Over the weekend around September 30th, Amazon customers began to report that they had received an email about an Amazon order for a gift card purchase for hotels.com, Google Play, or Mastercard. This email then linked out to an Amazon page regarding Amazon.com gift card scams, which outlined several common scams that ask for payment in some form or another. Security researcher MG, who is behind the O.MG cable, posted to X explaining that the emails seemed legitimate, but there were no actual purchases behind them. They noted that “So far no official comms from Amazon, but several people were told by support that it was an educational campaign.”
Since then, an official explanation has come out from Amazon stating that the email was sent in error, though no more details were provided. It is unclear if this was meant to be an internal phishing test or one for select “at-risk” customers, but regardless, it went out to significantly more people than it likely should have. Even a few of us here at HotHardware got one of the mysterious gift card emails.
At the end of the day, this is a good opportunity to be aware of phishing emails and how they work. The Cybersecurity and Infrastructure Security Agency (CISA) notes that people should look for suspicious sender email addresses, generic greetings, spoofed hyperlinks, spelling or layout errors, and suspicious attachments that might indicate a phishing email. You never know when you might be hit, not only by email but any social media platform, so it is always good to be wary.
