1. Email addresses
For privacy reasons, we had to redact the email addresses from the image; it appears this email was sent out from a hacked personal account. However, we can tell you that the From and Reply-to addresses were not Amazon addresses. While hackers can trick the "From" to give any name they want, if you hover your mouse cursor over the From name, or click on it, in most email services you'll see the actual address pop up after a few seconds.
In this case, the address was clearly a personal address. Even if the address did say "Amazon" in it, though, look for tricks like "amazon.something.com," or "firstname.lastname@example.org" where Amazon isn't the actual domain. Legitimate emails from Amazon will only end with "amazon.com".
Again, you couldn't tell this from the example above, but the links in the email weren't to Amazon. Instead, the email's links were to a form page on a random server that didn't say Amazon anywhere in the URL.
If you had gone there, there would likely be a spot to enter your Amazon username and password. Typing it in would have given the hackers access to your Amazon account.
To spot this trick in other emails, hover your mouse cursor over the button or link. You'll see the real link pop up after a few seconds. You could also right-click on the link, copy it and then paste it into a text document to see where it would really send you.