One reader caught this typosquatting scam before clicking — here's how the hosers are stealing Amazon credentials with a single character trick
One of my readers forwarded me an email this week that looked like it came from Amazon. "Unauthorized purchase detected on your account. Verify immediately or lose access." The email address? security@amaz0n-alerts.xyz. See it? That's not an "o" in Amazon. It's a zero. The hosers registered a lookalike domain and sent thousands of emails claiming unauthorized purchases. Click "Verify Your Account" and you land on a page that harvests your Amazon login credentials. Here's how the scam works and what to do if you get one.
Here's what the email looked like:
From: security@amaz0n-alerts.xyz
Subject: Unauthorized Purchase Detected on Your Account
Body:
"We detected an unauthorized purchase of $347.99 on your Amazon account. If you did not make this purchase, verify your account immediately to prevent further charges."
"Click here to verify your account: [Verify Now]"
"Failure to verify within 24 hours will result in permanent account suspension."
Classic pressure tactics: a specific dollar figure so the charge feels real, a 24-hour deadline, and the threat of losing the account. Most people don't look closely at the sender's email address. They see "Amazon," they see a security alert, they panic, and they click.
Typosquatting (one form of lookalike-domain abuse, often lumped together with domain spoofing or URL hijacking) is when scammers register domain names that look almost identical to legitimate websites. They rely on you not noticing the tiny difference.
Common typosquatting tricks:
Real: amazon.com
Fake: amaz0n.com (zero instead of "o")
Fake: amaz0n-alerts.xyz (this actual scam)
Real: paypal.com
Fake: paypai.com (i instead of second l)
Fake: paypall.com (extra l)
Real: microsoft.com
Fake or untrusted: microsoft.net (same name, different extension; unless you already know the company uses that extension, treat it as a stranger)
Fake: microsoft-support.xyz
Real: bankofamerica.com
Fake: bank-of-america.com
Fake: bankofamerica-security.com
Why it works: Your brain sees what it expects to see. You're used to seeing "amazon.com" so when you glance at "amaz0n-alerts.xyz," your brain autocorrects it. You don't consciously register the zero or the weird domain extension. That split-second of inattention is all the hosers need.
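The four tricks in the list above (a swapped character, an extra or missing letter, the brand name padded with hyphens or extra words, and the right name on the wrong extension) can each be checked mechanically. Here is an added example, written for this post rather than taken from it or from any product, that classifies a hostname, URL or email domain against a small allowlist of brands. The BRANDS table is an assumption for the example, not an authoritative list, and the "last two labels" rule for the registrable domain is deliberately naive (no public-suffix list), so it does not handle suffixes like co.uk.

```python
from urllib.parse import urlparse

# Constructed allowlist for this example (an assumption, not an authoritative
# list): brand name -> the registrable domains that brand really uses.
BRANDS = {
    "amazon": {"amazon.com"},
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com"},
    "bankofamerica": {"bankofamerica.com"},
}

# Characters scammers swap for look-alikes. Multi-character pairs go first so
# "rn" becomes "m" before any single-character rule touches the "n".
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
              ("i", "l"), ("3", "e"), ("5", "s")]


def fold(label: str) -> str:
    """Map look-alike characters to one canonical form. Applied to BOTH the
    brand and the candidate, so 'paypai' and 'paypal' fold to the same string."""
    s = label.lower()
    for lookalike, canonical in HOMOGLYPHS:
        s = s.replace(lookalike, canonical)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches a single added, dropped or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(target: str) -> str:
    """Host or URL -> 'name.tld'. Naive (last two labels): assumes no
    public-suffix list, so two-level suffixes such as co.uk are not handled."""
    host = urlparse(target).hostname if "://" in target else target
    host = host.lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(target: str) -> tuple:
    """Return (verdict, brand, reason) for a hostname, URL or email domain."""
    domain = registrable_domain(target)
    sld, tld = domain.rsplit(".", 1)
    for brand, real in BRANDS.items():
        if domain in real:
            return ("legit", brand, "exact match of a known domain")
    # Look at each hyphen-separated piece and at the name with hyphens removed,
    # so 'bank-of-america' and 'bankofamerica-security' both surface the brand.
    tokens = [t for t in sld.split("-") if t] + [sld.replace("-", "")]
    for brand in BRANDS:
        for tok in tokens:
            if tok == brand and tok == sld:
                return ("lookalike", brand, "brand name on a different extension")
            if tok == brand:
                return ("lookalike", brand, "brand name hidden in a hyphenated or longer name")
            if fold(tok) == fold(brand):
                return ("lookalike", brand, "look-alike characters (0 for o, i for l, ...)")
            if len(tok) >= 5 and levenshtein(fold(tok), fold(brand)) == 1:
                return ("lookalike", brand, "one character added, dropped or swapped")
    return ("unknown", None, "not a known brand and not a look-alike of one")


if __name__ == "__main__":
    # "amaz0n-alerts.xyz" is the domain from the sender address in this post;
    # the rest are the examples from the list above plus one unrelated domain.
    for t in ["www.amazon.com", "amaz0n-alerts.xyz", "https://secure-amazon.net/login",
              "paypai.com", "paypall.com", "microsoft.net", "bank-of-america.com",
              "example.org"]:
        print(f"{t:34} {classify(t)}")
```

The order of the checks matters: the exact allowlist wins first, so a brand that legitimately uses several extensions just needs them listed; the homoglyph fold runs before the edit-distance rule so a zero-for-o swap is reported as what it is rather than as "one character changed"; and the edit-distance rule is limited to tokens of five or more characters so short ordinary words don't trip it.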
If you click the "Verify Your Account" link in that fake Amazon email, here's what happens:
Step 1: You land on a fake Amazon login page
The page looks exactly like the real Amazon login. Same colors. Same logo. Same layout. The URL might even say something like "amazon-verification.xyz" or "secure-amazon.net" — close enough that you don't notice it's not amazon.com.
Step 2: You enter your Amazon email and password
You're trying to "verify" your account, so you type in your Amazon credentials. The page might even ask for your two-factor authentication code to make it look more legitimate.
Step 3: The scammers now have everything they need
Your email, password, and potentially your 2FA code. A one-time code you typed into the fake page is still valid for a short window, so they use it immediately to log into your real Amazon account. They change your password. They order expensive items using your saved payment methods. They change the shipping address to a package forwarding service. By the time you realize what happened, they're gone and you're stuck disputing fraudulent charges.
This isn't a hypothetical. This is exactly what happens. Thousands of people fall for these typosquatting scams every week.
I've been in cybersecurity for 50 years. I present to FBI InfraGard. My clients have a perfect track record against ransomware attacks. And my own father still fell for a phishing email.
It happened on a Tuesday. He got an email that looked like it came from his bank. There was a problem with his account. Click here to verify. He clicked. He entered his credentials.
My stepmother noticed a remote access program running on his computer and called me. I connected remotely and found scammers actively searching his hard drive for financial documents. They were looking for a spreadsheet with all his bank account numbers and passwords.
We caught them before they found it. We were lucky.
That's when I asked myself: What would I build if the person I was protecting was my father?
The answer was ForwardToSafety.
ForwardToSafety's verdict on the email above: Dangerous, delivered in 47 seconds.
No software to install. No technical knowledge required. Just forward the suspicious email to [email protected] and get a plain-English verdict: Safe, Suspicious, or Dangerous.
Don't just look at the sender's display name ("Amazon Security"). Click on it to see the actual email address. Real Amazon emails come from @amazon.com. If you see @amaz0n-alerts.xyz or @amazon-security.net or any variation, it's fake. The reverse is not proof, though: a From address can also be forged outright, so a correct-looking address only rules out the lookalike trick, not the scam. That's why the next two steps matter more.
Pro tip: Bookmark the real websites you use frequently (amazon.com, paypal.com, bankofamerica.com). Always go to these sites through your bookmarks, never through email links.
If you get an email about an unauthorized Amazon purchase, don't click the link in the email. Close the email. Open your browser. Type amazon.com yourself. Log in. Check your recent orders. If there's really an unauthorized purchase, you'll see it there.
The same goes for bank emails, PayPal, Social Security, Medicare, or any other account. Don't trust the email. Go to the official website yourself.
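The two checks just described, look at the real address behind the display name and look at where a link really goes rather than what it says, are exactly what a mail filter does first. The following is an added example written for this post (not code from the author or from ForwardToSafety): it parses a raw message with Python's standard email and HTML libraries, works out which brand the display name or subject is claiming, and reports every place the sender domain or a link target contradicts that claim. BRAND_DOMAINS is an assumed allowlist, both messages are constructed samples modelled on the email quoted above, and the registrable-domain rule is the same naive "last two labels" shortcut.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist for the example (not an authoritative list): which
# registrable domains a brand really sends from and links to.
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "paypal": {"paypal.com"}}

# Constructed sample, modelled on the email quoted in this post. The second
# link is genuine on purpose: scammers mix real links in with the bad one.
SCAM_EMAIL = """\
From: "Amazon Security" <security@amaz0n-alerts.xyz>
To: reader@example.com
Subject: Unauthorized Purchase Detected on Your Account
Content-Type: text/html; charset="utf-8"

<p>We detected an unauthorized purchase of $347.99 on your Amazon account.</p>
<p><a href="https://amazon-verification.xyz/login">Verify Now</a></p>
<p>Help: <a href="https://www.amazon.com/help">https://www.amazon.com/help</a></p>
"""

# Constructed legitimate-looking sample for contrast.
LEGIT_EMAIL = """\
From: "Amazon.com" <ship-confirm@amazon.com>
To: reader@example.com
Subject: Your order has shipped
Content-Type: text/html; charset="utf-8"

<p>Track it: <a href="https://www.amazon.com/orders">Your Orders</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Last two labels of a hostname (naive: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def claimed_brand(text: str):
    """Which brand the display name or subject is trying to impersonate."""
    t = text.lower()
    return next((b for b in BRAND_DOMAINS if b in t), None)


def check_email(raw: str) -> list:
    """Return plain-English findings; an empty list means nothing in the
    headers or links contradicts the brand the message claims to be."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    brand = claimed_brand(display) or claimed_brand(msg["Subject"] or "")
    findings = []
    if brand is None:
        return findings  # no brand claimed, nothing to contradict
    # 1. The address behind the display name, not the display name itself.
    sender = registrable(addr.rpartition("@")[2])
    if sender not in BRAND_DOMAINS[brand]:
        findings.append(f"display name says {brand!r} but the address is @{sender}")
    # 2. Where each link really goes, not what its text says.
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode())
    for href, text in collector.links:
        target = registrable(urlparse(href).hostname or "")
        if target not in BRAND_DOMAINS[brand]:
            findings.append(f"link {text!r} goes to {target}, not a {brand} domain")
        if "://" in text and registrable(urlparse(text).hostname or "") != target:
            findings.append(f"link text shows {text!r} but goes to {target}")
    return findings


if __name__ == "__main__":
    for name, raw in [("scam", SCAM_EMAIL), ("legit", LEGIT_EMAIL)]:
        print(name, check_email(raw) or ["no contradictions found"])
```

On the scam sample this reports two findings (the sender domain and the "Verify Now" link) and stays quiet about the genuine amazon.com help link, which is the point: one bad link among good ones is still a bad email. On the legitimate sample it reports nothing. An empty result is not a clean bill of health, for the reason given above: headers can be forged outright, so the bookmark habit still applies.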
When in doubt, don't guess. Forward the suspicious email to [email protected]. You'll get a verdict in about 47 seconds: Safe, Suspicious, or Dangerous.
No signup. No app. No technical knowledge required. Just forward and know for sure.
Typosquatting scams work because your brain sees what it expects to see. One reader caught this fake Amazon email before clicking, but thousands of others didn't. The hosers registered amaz0n-alerts.xyz (with a zero instead of an "o"), sent emails claiming unauthorized purchases, and harvested Amazon credentials from anyone who clicked. Always check the sender's email address. Always go to the real website yourself instead of clicking email links. And when you're not sure, forward the suspicious email to ForwardToSafety and get a verdict in under a minute. That's how you stay one step ahead of the hosers.
#Typosquatting #AmazonScam #PhishingEmail #CredentialHarvesting #DomainSpoofing #OnlineSafety #CyberSecurity
Want weekly scam alerts and security insights that protect your retirement? Sign up for my Insider Notes Newsletter at CraigPeterson.com.
No hype. No jargon. Just practical guidance to keep you safe online.