Phishing email: your Amazon account is being suspended

Updated at: Sep 14, 2020
By Gatefy

Phishing email impersonating Amazon.

We're going to talk about a phishing campaign that has been using Amazon's name and brand. The threat has been detected and blocked by Gatefy's email security solution. Because it uses the Amazon logo and the same branding, many users may be fooled. But beware: as we said, this is a phishing scam.

The malicious email starts like this: “You are receiving this email because you are an Amazon customer”.

Then the email states that, due to a problem involving billing information, your Amazon account has been temporarily suspended. Worse, it will be deleted if you don't access the link in the email and fill in new information within 24 hours.

Right before the "Login to my account" button, the email also claims that, if you provide incorrect information, your account will be permanently closed.

At this point, you’re already worried. But a few signs reveal that it’s a fraud. Before looking at them, let's quickly explain what phishing is.

After all, what is phishing?

Phishing is a cyber scam that never goes out of style. According to the FBI, it was the scam with the highest number of victims in 2019.

Phishing is a cyber crime that occurs when a hacker impersonates a brand or a person to deceive others. Email is the main vector of the threat, but the fraud also happens by phone, social networks and SMS.

The goal is usually to steal sensitive information, such as credit card details.

Analyzing the phishing email that impersonates Amazon

Phishing emails always have some noticeable features. Let's take a look at them.

1. Sense of urgency: your Amazon account will be deleted

The malicious email says that you have a problem with your billing information and that, if you don't solve it, your Amazon account will be deleted. You have 24 hours to access the link, which is malicious, and update your data.

The sense of urgency is one of the main features of phishing scams. It forces you to act fast, and this is where the danger lies.

2. Amazon “knows” you

The email isn't just addressed to you, it quotes your name. This isn't a characteristic of all phishing scams, but it's a widely used tactic because it lends more credibility to the scam, which increases the chances of you falling for the fraud.

In the case of the email we're analyzing, the message already starts creating a sense of closeness. It uses the word "dear" and then your name. In other words, Amazon "knows" you, and you know Amazon. It's all right. Except it isn't.

To create even more familiarity, the scammer uses the following phrase:

“This form verifies your identity and ownership of the payment instrument. Failure to provide the requested documents may result in permanent account closure”.

3. Spoofing: the sender is fake and the website is fake

The malicious link embedded in the email directs you to an Amazon-like login page, requesting username and password information. Once the information is filled in, phishers will have access to your account and then they can use the information available there for further scams.

The URL of the supposed Amazon login page has nothing to do with the e-commerce giant: https://services-and-other-social-will-be-shown-here.com.

Another factor that can lead many people to fall for this phishing scam concerns the email sender, which looks legitimate: billing-problem@amazon.com.

But further evaluation shows that the address was spoofed, the real one being noreply.telegram-message34@goblingreen.dashboardcloud.app.

To make the scam even more effective, phishers used a technique called invisible text or hidden text. This happens when cybercriminals add text blocks to the message so that the email isn't caught by an email protection solution and sent to the spam box.
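The three signs described in this section (visible sender versus real sender, link host versus claimed brand, hidden text) can be checked mechanically. The following is an added example, not Gatefy's detection code: the sample message is constructed from the addresses and URL quoted above, and placing the real sender in Return-Path and hiding text with inline CSS are assumptions, since the article does not say how either was done.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample. Assumptions: real sender exposed in Return-Path,
# hidden text implemented with inline CSS (the article specifies neither).
SAMPLE = """\
From: Amazon <billing-problem@amazon.com>
Return-Path: <noreply.telegram-message34@goblingreen.dashboardcloud.app>
Content-Type: text/html; charset=utf-8

<html><body><p>Dear customer,</p>
<div style="display:none">quarterly meeting notes weather recipe</div>
<a href="https://services-and-other-social-will-be-shown-here.com">Login to my account</a>
</body></html>
"""
# Inline styles that render text invisible to the reader.
HIDDEN = re.compile(
    r"display\s*:\s*none|font-size\s*:\s*0(?![.\d])|visibility\s*:\s*hidden", re.I)

class BodyScan(HTMLParser):
    """Collect link targets and count elements styled to be invisible."""
    def __init__(self):
        super().__init__()
        self.links, self.hidden_blocks = [], 0
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        if HIDDEN.search(attrs.get("style") or ""):
            self.hidden_blocks += 1

def same_org(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def analyze(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    env_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    scan = BodyScan()
    scan.feed(msg.get_payload())
    findings = []
    if env_domain and not same_org(env_domain, from_domain):
        findings.append("sender-mismatch")   # visible From differs from real sender
    if any(not same_org(urlparse(u).hostname, from_domain) for u in scan.links):
        findings.append("link-off-domain")   # link leaves the claimed brand's domain
    if scan.hidden_blocks:
        findings.append("hidden-text")
    return findings
```

Legitimate bulk mail often bounces through a third-party domain, so a sender mismatch on its own is a signal to weigh with the other findings rather than a verdict.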

Blocking phishing attacks

In cases of malicious emails, such as phishing, our protection and security tip is to look carefully at urgent emails that require quick action.

Never click on suspicious links and attachments. Besides that, always check names, URLs, email addresses, and other important information that's contained in the email.

These tips apply to both business and personal use.

In fact, in the case of businesses, to help your company fight phishing and other threats, such as ransomware and trojans, Gatefy provides email protection solutions.

Take a look at what the malicious email looks like

The email content is reproduced as we detected it, including any grammatical errors.

"Immediate action required: Your Amazon is being suspended.

Dear (your name),

You are receiving this email because you are an Amazon customer.

We have noticed some activity on your billing account that has prompted us to suspend the us od this account temporarily.

We will delete your Amazon account unless the billing owner corrects the violation by filling out the account verification form in 24 hours.

This form verifies your identity and ownership of the payment instrument. Failure to provide the requested documents may result in permanent account closure.

Login to my account".