Hey there – welcome to Wednesday. You know all of those fake or phishing emails you get, warning you that an account (with a bank you don’t do business with) is shutting down and that you’d better do something promptly to prevent the action? Oh, I’m sure you’ve gotten them; we even got an email last week from someone within our own banking system warning us of something dire. We contacted our bank and sure enough, someone had stolen this employee’s identity and was using their name and title to spread false information (or worse).
 
Rob and I feel like we have pretty good radar when it comes to this stuff. So when I saw this email come into my inbox from aws-verification@amazon.com I was pretty sure it was bogus. Except that it wasn’t. Here it is:

Hello,

We believe that an unauthorized party has registered an Amazon Web Services (AWS) account with your visa ending in 10. To protect your information, and to stop any potential service charges, we have closed this account and cancelled any pending services.

Please note that AWS is separate from Amazon.com. AWS is primarily used by website owners and developers. This notification is not related to a physical order on Amazon.com.

We recommend that you review all recent activity on this card and report any unauthorized charges to your financial institution.

We are unable to provide information about how your credit card was obtained, since it occurred outside of Amazon.com. Some techniques include: using malicious software to capture a user’s keystrokes, trying common passwords, and sending fraudulent emails that request account information (known as “phishing”).

If this account was closed in error, please let us know by replying to this message and we will reinstate the account for you.

For information about safe online shopping, visit the “Security & Privacy” section of our Help pages.

I was about to delete the email when I showed it to Rob. And just to be extra sure, he looked at our VISA statement. Sure enough, there it was: a purchase for about $1.50 on something called Amazon Web Services. We knew it was fake because we’d never buy something that small and we rarely use Amazon.com, never mind a so-called web service (except for the site you’re reading this journal on).
 
Just as the letter recommended, we contacted our bank. They shut down that VISA card immediately, an action that caused more than a little hassle, as we were on the road bouncing between Ottawa and Toronto during that time and I had to have them send my new card to a branch in Ottawa, crossing my fingers that it would arrive before I had to fly off to Halifax and then California.
 
It all worked out – except for the charities that automatically receive donations through that card, which we have to contact – and we were fortunate that Amazon caught and alerted us to the purchase and that we paid attention.
 
We’re told this is how it works: back in the day when a card number was stolen, thieves would make a credit card call via pay phone. If the card worked, they knew they could go ahead and use it on some big ticket items. Now, with the paucity of pay phones, they’ve moved on to other means. Thus the so-called web service purchase.
 
I’ll never stop purchasing online or using my card, period. I’m not afraid and I’m certainly not going to be cowed into changing my spending habits. I’ll just continue to be careful.
 
Kudos to Amazon for alerting us like this. We’re grateful to have paid attention and helped shut down this one attempt. We just all have to be in this together. And I hope if you see an email like the one we got, you won’t be as quick to blow it off as fake, as we initially were. Live and learn, right? Back with you here tomorrow.