I recently received an email message with the subject “San Diego Site Leadership and Management Team sent you an Amazon Gift Card!”, sent to my work address, apparently from “
Amazon.com Gift Cards <firstname.lastname@example.org>“.
I was suspicious because there was no mention of my employer’s name, just a generic message:
Please enjoy this $50.00 Amazon gift card to purchase
an item of your choice to kick-off Q4 and in recognition
of your hard work. We appreciate you!
It included a plausible looking “Claim Code” for the gift card. The code resembles “TIAT-UTAHBX-3V4T”. (The actual code has the same pattern of uppercase letters and decimal digits.)
To be clear, I haven’t clicked on any links in the email or tried to use the claim code, and I don’t intend to.
I checked with my employer, who confirmed that they had not sent it, and with Amazon support, who confirmed that I had not been sent an email gift card.
So far, this sounds like an ordinary phishing attempt, which I would just report and ignore, but here’s the strange part.
I’ve examined the headers and saw no suspicious links. There were several links within the email (none of which I clicked) that led to amazon.com URLs, plus sharing links at the bottom for Facebook, Twitter, Instagram, and Pinterest. As far as I can tell, even if I fell for this phishing attempt, no information would get back to whoever sent it. The claim code is presumably invalid, but if I tried to redeem it I presume it would simply fail (that’s according to Amazon support).
So my question is — what’s the point? Is this kind of phishing email without any dangerous links common? Is there any way the sender could benefit, or harm me, if I clicked on a link that goes to an amazon.com address?
I’m hesitant to share the entire message, but please let me know if more information would be helpful.