Oops! Amazon Sparks Hacking Panic After Mistakenly Emailing Gift Card Receipts

Phishing emails traditionally come from threat actors looking to make a quick buck or steal some data for nefarious purposes. Things get confusing, however, when phishing-style emails come directly from an organization like Amazon. That is exactly what happened over the weekend, leaving many customers baffled. Thankfully, these emails were benign and just a note about the dangers of phishing and general scams, which is a good occasional warning anyhow.

Over the weekend around September 30th, Amazon customers began to report that they had received an email about an Amazon order for a gift card purchase for hotels.com, Google Play, or Mastercard. This email then linked out to an Amazon page regarding Amazon.com gift card scams, which outlined several common scams that ask for payment in some form or another. Security researcher MG, who is behind the O.MG cable, posted to X explaining that the emails seemed legitimate, but there were no actual purchases behind them. They noted that “So far no official comms from Amazon, but several people were told by support that it was an educational campaign.”

Since then, an official explanation has come out from Amazon stating that the email was sent in error, though no more details were provided. It is unclear if this was meant to be an internal phishing test or one for select “at-risk” customers, but regardless, it went out to significantly more people than it likely should have. Even a few of us here at HotHardware got one of the mysterious gift card emails.

At the end of the day, this is a good opportunity to be aware of phishing emails and how they work. The Cybersecurity and Infrastructure Security Agency (CISA) notes that people should look for suspicious sender email addresses, generic greetings, spoofed hyperlinks, spelling or layout errors, and suspicious attachments, any of which might indicate a phishing email. You never know when you might be hit, not only by email but also on any social media platform, so it is always good to be wary.