HQ/EMEAFind out how we can help your business
A newly discovered phishing operation is targeting Amazon Prime members. Based on reports, the operators are trying to steal various data, including login passwords, security answers, and payment information.
Moreover, these attackers distribute well-crafted emails impersonating Amazon, encouraging users to update their payment details due to an “expired” or “invalid” payment method.
According to researchers, this threat was delivered via an email that appears to be a legitimate notification from Amazon Prime. These messages notify recipients that their payment method has a problem.
The assessment of the phishing emails shows that they featured a spoofed sender name, Prime Notification. Still, they originated from an unrelated domain, a telltale sign of phishing attempts.
The new Amazon Prime phishing campaign takes advantage of panicking members.
The investigation into the phishing campaign targeting Amazon Prime members reveals that the operation generates a false sense of urgency. This urgency leads people to click on a bogus link that redirects them to a fake Amazon security verification screen.
However, this is one of the signs that recipients should look for, as it reveals that they have been redirected to Google Docs instead of Amazon’s legitimate website.
Once the user has passed the fake security screen, they are directed to a bogus Amazon login page designed to harvest passwords. Researchers recommend users double-check when connecting to websites and enable additional security measures such as MFA.
After entering their credentials, victims are prompted for additional verification information, such as their mother’s maiden name, date of birth, and phone number.
However, the phishing campaign is not limited to login credentials. Users are also prompted to input their billing address and payment information, which could include credit card details.
The researchers also noted that threat actors who gain the recipient’s residence information could potentially file a request to postal services to modify the victim’s address, routing mail and shipments to another location.
Similarly, stolen credit card information allows attackers to complete illicit transactions. If such details are exposed, threat actors may use them to initiate and authorise additional transactions.
Therefore, potential victims are asked to inform their banks immediately if they feel their card details have been taken to avoid further damage caused by this phishing attack.
