An email phishing attack purporting to be sent from Amazon Web Services (AWS) is currently circulating.
This zero day threat preys on the trust of Amazon customers and mimics characteristics of Amazon brand communications to fool customers into believing this email is legitimate.
Here is a screenshot of the type of email to watch out for:
As you can see above, the email appears to originate from, ‘Amazon’, and alerts the recipient of account suspension.
The email directs the victim to update their payment information in order to remove the suspension from their account.
The destination page is a replica of the official Amazon login. At this point, it is easy to identity this as a phishing scam considering the non-legitimate URL in the website address field.
To the untrained eye, however, it is easy to be tricked into submitting your login credentials and signing into Amazon’s ‘secured server’ directs you to the following page:
As you can see in the screenshot above, the user has not actually logged into their Amazon account. They have simply submitted their details via a fraudulent login page.
At this point, the victim is prompted to enter their billing details to verify their address.
Entering this residential information leaves the victim vulnerable to future attacks, and provides the cyber criminals with valuable security information which can be used to verify and gain access to a number of related accounts
The final piece of this phishing scam, prompts the victim to enter their credit card credentials and confirm two further security verification elements (date of birth, and mother’s maiden name).
In just minutes, the victim has provided the scammer with access to:
- Their Amazon Web Services account.
- The credit/debit card they entered as ‘billing information verification’.
- Answers to security information questions many account providers will ask to confirm identity.
As a precaution, we urge you not to click links within emails that:
- Are not addressed to you by name.
- State an order confirmation for an item you didn’t purchase. Login to your Amazon account to verify whether an order matches the details in the email.
- Threaten to suspend or close your account if you do not respond.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
Amazon Web Services offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report phishing, by emailing them at firstname.lastname@example.org.
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Compliment this multilayered defence with on premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.