Today I received a fake email from Amazon in which they offer an 85% discount coupon to use before Christmas. By the matter, the deception was already obvious. Congratulations! You Are The Winner of a Discount Coupon but for a moment it made me hesitate as it reached me at the email address I use on Amazon, it was not marked as spam, it is very well designed and a few days ago I made a purchase on the portal which is why they have been reaching me multiple Amazon emails.
But looking at the details the deception was clear. This is the catch:
The first thing that caught my attention was that to see the coupon you had to download it? The coupons are simply a code of letters and numbers, I found it very strange to have to download it and more when the destination of the link was not amazon.com:
Clicking ends in a website that shows misleading advertising to access a download, in this case the supposed coupon:
The advertising that appears is related to subscription services by SMS or surveys to be completed. Spammers earn a small commission for each user who completes all the steps, in the false email they also mention that the coupon will expire in 24 hours and you have to enter real information to confirm that we are not a robot, in other words they seek to subtly ensure that the victims put their real data in these advertisements since if they put false data the conversion is not carried out and they are not paid.
Another striking detail was that they addressed me in general, in other Amazon emails after the Hello They put my name to personalize the message, but in this case it does not appear, something that is typical in spam messages since they are sent in bulk to as many recipients as possible.
Finally comment that the source email appears to be a real address of @ amazon.com, but when you look in detail you can see that they are actually impersonating what is known as email spoofing and looking at the message header you could see more details about the system they used to send the spam.
When a strange address like the one in the previous image appears, the alarms must be activated, especially when all the other commented details are added.
Googling a bit you can find other variants of spam, like this case that they comment on the Amazon forum itself and where the false coupon is 1,000 dollars.