Seen the fact that Amazon is the World's largest retailer it's surprising that there aren't more of these scams, but this one sticks out as particularly deceptive. Often cyber criminals beta-test their campaigns in English speaking countries like the U.K. and Australia and then unleash a much larger attack on the U.S.
Our friends at Malwarebytes picked up on a phishing scam targeting Amazon users. The emails claim to be from Amazon's customer service, and falsely state that a small number of accounts were breached last month.
The hackers use a clever social engineering trick which requires the victims to complete a "verification process", or else their account will be restricted. But when the user clicks the link to verify their account, they are redirected to a site that mimics Amazon where they need to login and provide personal
information, payment card details and security details. The attack was traced back to Chinese cyber criminals.
I recommend you send this Scam Of The Week to your employees, friends and family. Feel free to copy/paste/edit:
"Cyber criminals are attacking Amazon users with a phishing campaign that falsely claims a small number of accounts have been hacked. The email starts with an "Important Notice" and you are required to "verify" your Amazon account, by providing payment card information and security details. The email threatens that if you do not comply with the verification process, restrictions may be placed on your account.
"Well, Think Before You Click. The email is a scam to try to trick you into revealing your credit card information and more. If you see an email like this that has not been caught by any spam filter, delete it.
Remember the rule: "If In Doubt, Throw It Out!" Stay safe out there."
Stepping end-users through effective security awareness training is a must these days. Find out how affordable this is for your organization and be pleasantly surprised: