Phishing Attacks Impersonating Amazon Continue, Raising Concerns on the Cusp of Black Friday and the Holidays

Stu Sjouwerman | Nov 25, 2021

New phishing attacks in the form of impersonated Amazon order confirmation emails cause potential victims to make phone calls and give up credit card details.

If you’ve been to a mall in the last few weeks, you already know the holidays have started. Whether it’s simply a coordinated effort to get us in the holiday spirit or in response to people wanting to get ahead of potential shortages in inventory come December, we’re fully in holiday mode here in the U.S.

That has traditionally meant more phishing attacks attempting to take advantage of unwitting victims. According to anti-phishing security vendor Avanan, a new campaign impersonating Amazon launched in October and is taking victims for credit card details, as well as harvesting phone numbers for potential text-based scams in the future.

The email does have elements of an actual Amazon email, but a scrutinizing look at the presentation tells those with a keen eye that something is amiss:

[Image: Amazon impersonation phishing email]

Recipients who press the “View or Manage Order” button are taken to the actual Amazon website (where, of course, the order in question does not exist). The confusion alone may be enough to cause victims to call the number in the email (which is far more readily available to the email recipient than navigating through Amazon’s site to find the actual customer service number).

We’ve seen this Amazon impersonation attack earlier in the year, using the very same tactics with the same goal of getting the victim to call online. The only difference with that attack was that the “View or Manage Order” button did not work, forcing victims to call. This new attack feels more legitimate since you can be taken to the Amazon site by clicking the button in the emails used.

Given organizations can equally fall prey to such scams (as they, too, purchase items from Amazon), this should warrant some attention by those vigilant against phishing attacks. Employees that undergo Security Awareness Training are best prepared to spot this scam (and those like it) as a fake, rendering the attack useless.
