Someone I know has been getting emails from Amazon for quite a while. You and I know that they weren't actually from Amazon. It's just as easy to forge the from-address on an email as it is on a paper letter.
The email asked them to update their card details, and gave a link to click on.
That link wasn't Amazon, of course, but it was made to look like Amazon, which is very easy - you just copy their page.
And if you give the card details, they go to the fraudster. In this case, the fraudster then bought pizza, in large amounts.
Not a huge financial disaster, but bad enough.
In this blog, I've often shown spam which looks very realistic. And even one that looked fake, but turned out to have genuinely come from the VAT authorities in Hungary. So what can you do?
One simple rule. If you feel the need to go to a web site, don't do it by clicking on the link. Type the name (Amazon.co.uk, or Paypal.co.uk, or whatever) into your browser URL bar. Remember that the from-address in an email is as easy to forge as the from-address in a paper letter.