When a victim clicks the “Update Now” button in the email, they’ll be taken to a convincing imitation of an Amazon login page. After the victim enters their credentials, the phishing page will present a form for them to input their name, address, city, state, ZIP code, phone number, and date of birth. Next, they’ll be asked to provide their credit card and bank account information.
Finally, the phishing site informs the victim that their account has been recovered and says they’ll be automatically logged out. The victim is then redirected to the real Amazon website.
This scam is intended to get as much information as possible out of the victim, and it probably works fairly well. A victim who has already fallen for the spoofed login page is unlikely to balk at entering their personal information, since that’s what the email told them they needed to do. Once they get to the financial information page, they’re already invested in the process and haven’t seen anything unexpected, so they’re less suspicious than if they’d been asked for their credit card number at the outset.
I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:
"Bad guys are targeting Amazon customers, urgently claiming you need to update your information within twenty-four hours or your account will be permanently disabled. They count on you getting worried and quickly act without thinking it through.
The email has several red flags like typos and bad grammar, but even if the emails are perfect—which they often are these days—it is a bad idea to click on the link in the email. Always, you should go directly to Amazon using your web browser and see if your account has any notifications. Think Before You Click."
There are multiple red flags that could have alerted observant users. The email has numerous typos and grammatical errors, and the urgent language and deadline are common social engineering ploys. Additionally, while the site’s URL attempts to hide behind a subdomain called “login-info-accountsetting-update,” the actual domain name clearly isn’t Amazon’s.
Even if none of these warning signs had been present, it’s still a bad idea to click the link provided in the email. Rather, you should go directly to Amazon using a web browser and see if your account has any notifications. New-school security awareness training can teach your employees to recognize red flags before they fall victim to a phishing attack.
HackRead has the story: https://www.hackread.com/new-amazon-phishing-scam-stealing-credit-card-data/