Seeing the fact that Amazon is the World’s largest retailer it’s surprising that there aren’t more of these scams, but this one sticks out as particularly deceptive. Often cyber criminals beta-test their campaigns in English speaking countries like the U.K. and Australia and then unleash a much larger attack on the U.S. You can see a sample of the screen shot here.
Our friends at Malwarebytes picked up on a phishing scam targeting Amazon users. The emails claim to be from Amazon’s customer service, and falsely state that a small number of accounts were breached last month.
The hackers use a clever social engineering trick which requires the victims to complete a, or else their account will be restricted. But when the user clicks the link to verify their account, they are redirected to a site that mimics Amazon where they need to login and provide personal information, payment card details and security details. The attack was traced back to Chinese cyber criminals.
I recommend you send the following to your employees, friends and family.
“Cyber criminals are attacking Amazon users with a phishing campaign that falsely claims a small number of accounts have been hacked. The email starts with an “Important Notice” and you are required to “verify” your Amazon account, by providing payment card information and security details. The email threatens that if you do not comply with the verification process, restrictions may be placed on your account.
“Well, Think Before You Click. The email is a scam to try to trick you into revealing your credit card information and more. If you see an email like this that has not been caught by any spam filter, delete it. Remember the rule: “If In Doubt, Throw It Out!” Stay safe out there.”[su_box title=”About Stu Sjouwerman” style=”noise” box_color=”#336588″]
Stu Sjouwerman is the founder and CEO of KnowBe4, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, Sjouwerman teamed with Kevin Mitnick, the world’s most famous hacker, to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.[/su_box]
Founder and CEO
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.