Digging deeper into an email is one of my favorite things.
On 19 February 2021, I reported on this scam Amazon email:
On 23 February, I was digging deeper after reporting on a scam WhatsApp email. I looked closer at the email source.
You can see the same email reported on 19 February is embedded in the source of the WhatsApp email.
Looking closer at the email source, I see an encoded PDF document.
Decoding that information recreated the PDF document:
Same PDF, same malicious link as in the fake Amazon email.
You have to applaud the economy of scale of these scammer donkeys!