Today we're going to talk about a new phishing campaign that has been using Amazon's name and brand. The threat has been detected and blocked by Gatefy's email security solution. Because the email uses the Amazon logo and the same branding, many users may be fooled. But beware: as we said, this is a phishing scam.
The malicious email starts like this: “You are receiving this email because you are an Amazon customer”. Then the email states that, due to a problem involving billing information, your Amazon account has been temporarily suspended. Worse, it will be deleted if you don't access the link in the email and fill in new information within 24 hours.
Prior to the "Login to my account" button, the email also claims that, if you provide incorrect information, your account will be permanently closed. “This form verifies your identity and ownership of the payment instrument. Failure to provide the requested documents may result in permanent account closure”.
The malicious link embedded in the email directs you to an Amazon-like login page, requesting username and password information. Once the information is filled in, phishers will have access to your account and then they can use the information available there for further scams.
The URL of the supposed Amazon login page has nothing to do with the e-commerce giant: https://services-and-other-social-will-be-shown-here.com.
Another factor that can lead many people to fall for this phishing scam concerns the email sender, which looks legitimate: firstname.lastname@example.org. But further evaluation shows that the address was spoofed, the real one being email@example.com.
To make the scam even more effective, phishers used a technique called invisible text or hidden text. This happens when cybercriminals add text blocks to the message so that the email isn't filtered by an email protection solution and doesn't end up in the spam box.
To wrap it up, our protection and security tip in these cases is to look carefully at urgent emails that require quick action. Never click on suspicious links and attachments and always check names, URLs, email addresses and other important information that is contained in the email.
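The three indicators described above (a spoofed sender, a login link on an unrelated domain, and hidden text) can also be checked mechanically. The following is an added example, not Gatefy's detection logic and not part of the original article; the `Return-Path` comparison, the list of hiding styles, and the `brand.example` placeholder domains are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide text from the reader (an assumed, non-exhaustive list).
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?:font-size|opacity)\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no closing tag

class BodyScan(HTMLParser):
    """Collects link hosts and any text nested inside a hidden element."""
    def __init__(self):
        super().__init__()
        self.stack, self.hidden_text, self.hosts = [], [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.hosts.append(urlparse(attrs["href"]).hostname or "")
        if tag not in VOID:  # one stack entry per open element: is it hidden?
            self.stack.append(bool(HIDDEN.search(attrs.get("style") or "")))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if any(self.stack) and data.strip():
            self.hidden_text.append(data.strip())

def domain_of(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def triage(raw, brand_domain):
    msg, scan, found = message_from_string(raw), BodyScan(), []
    scan.feed(msg.get_payload())
    # Assumption: the spoof shows up as a Return-Path domain that differs from From.
    if domain_of(msg["Return-Path"]) not in ("", domain_of(msg["From"])):
        found.append("sender-mismatch")
    if any(h and h != brand_domain and not h.endswith("." + brand_domain) for h in scan.hosts):
        found.append("off-brand-link")
    if scan.hidden_text:
        found.append("hidden-text")
    return found

# Constructed sample (not the campaign's real message); domains are placeholders.
SAMPLE = (
    "From: Amazon <billing@brand.example>\nReturn-Path: <bounce@mailer.example>\n\n"
    "<p>You are receiving this email because you are an Amazon customer.</p>"
    '<div style="font-size:0px">weather recipe garden holiday notes</div>'
    '<a href="https://login.lookalike.example/verify">Login to my account</a>')
```

Legitimate bulk mail often uses a different bounce domain, so the sender check is a triage signal to weigh with the other two rather than a verdict on its own.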
Take a look at what the malicious email looks like:
"Immediate action required: Your Amazon is being suspended.
Dear (your name),
You are receiving this email because you are an Amazon customer.
We have noticed some activity on your billing account that has prompted us to suspend the us od this account temporarily.
We will delete your Amazon account unless the billing owner corrects the violation by filling out the account verification form in 24 hours.
This form verifies your identity and ownership of the payment instrument. Failure to provide the requested documents may result in permanent account closure.
Login to my account".