Amazon is an eCommerce company that currently has US$14.541 billion in operating income in 2019. This eCommerce giant has been one of the go-to shopping platforms of people now more than ever because of lockdown implementation caused by COVID-19.
As many are ordering their stuff online as it’s safer than leaving the house excessively, Amazon has been a staple in people’s lives. Because of this, Cybercriminals were able to capitalize on this “new normal” situation and created several attacks that target Amazon customers.
Amazon Phishing Attack
Based on the findings, the phishing email came from a legitimate third-party vendor but impersonates Amazon. The “Amazon” email is informing the victim that the delivery of their order has failed. Thus, they will need to update their payment information within 3 days; otherwise, the order will be canceled.
Here is the screenshot of the phishing email:
Once the “Update my billing” link is clicked, the victim will be led to a look-alike website with a phishing scheme where they will be asked to enter their login credentials, billing address, and credit card details.
After the phishing attack is successfully carried out, a “success” message will be shown on the screen. Users affected will be involuntarily redirected to the real Amazon Home page without ever noticing that they have been a victim.
The attack has been categorized as “Zero-day” as these are newly created domains and hasn’t been detected by anyone yet to be flagged as a suspicious domain. The fake Amazon domain used is – sttppcappr[.]com. As per the Fake email, the source email was named “Support Reply,” which doesn’t look suspicious at all.
Many can be fallen as victims in this attack as Cybercriminals use a sense of urgency as leverage in this attack and a flawless fake Amazon website.
The Vishing Attack
In this other scheme, attackers sent an email that pretends to be a legitimate email from Amazon denotes an order made. The email highlights a “Fraud Protection Team” contact information to be called just in case the order was not placed by the victim.
The vishing attack takes place once the target victim calls the “Fraud Protection Team,” – which then be assisted by a real person whose goal is to acquire personal information of the victim. This information consists of the Order number, Name, credit card details. Once this information was obtained, the phone number of the victim will be blocked.
As per the investigation, the email came from a Gmail account that impersonates Amazon.
The fake order in question involves a huge amount of money, as well as the sense of urgency involved, victims will likely fall into this trap.
Here at iZOOlogic, we do what we preach. As a value add, we campaign information and tips to large scale industries that are most vulnerable that are targeted by cybercriminals. We offer cybercrime solutions to these industries to help prevent and mitigate the effects of such fraudulent activities.
