It's a form of "brandjacking," when a well-known company or consumer product is used by online scammers. Among the latest incidents to pop up: fake Amazon.com invoices for items people didn't order.
In one example we've seen, the official-looking e-mail arrived with details on two supposed electronics orders from Amazon.com, including a $4.49 order for iPad screen protectors. The shipping charge on the tiny order: a whopping $74.98.
Another suspicious tipoff: The supposed Amazon.com e-mail definitely was not from Amazon.com's corporate office.
Although these types of e-mails don't ask for personal financial information, they're considered a type of "phishing," where cyber-criminals send out phony e-mails in hopes of getting you to click on links or provide personal information, such as bank account and Social Security numbers, said Sarah Dalton, spokeswoman for the California Office of Privacy Protection.
"These are 'bad guys' who are attempting to steal from you," Dalton said. "If you have already given out any personal financial information such as your credit card number or password, change the information right away."
Her additional advice:
Never respond to out-of-the-blue requests for personal financial information. Only give out such information if you initiate the contact.
Never click on links in those types of "request" e-mails.
If you think the request is legitimate, contact the company or organization by means other than what is provided. If it's an e-mail supposedly from your financial institution, for instance, use the 800 number from your bank statement or the back of your credit card.
Nat Wood, spokesman for the Federal Trade Commission, recommends that individuals report phony e-mails to the commission at "firstname.lastname@example.org," so the information is available to law enforcement.
Amazon also allows consumers to report suspicious emails at www.amazon.com (Click on "Help").