Amazon Phishing Scam Reported; Targeting Credit Card Information

Recently, the news platform HackRead reported that a new Amazon phishing scam is circulating that is designed to trick the victim into handing over their personal and financial information.



The email claims that there was suspicious activity on the account, and it urges the user to reset their login and credit card information within 24 hours, or the account will be deactivated. The email is formatted with Amazon’s logo, and it claims the email is from Customer Support. It even uses a layout and font style that simulates real Amazon emails.

If a user clicks the “Update Now” button in the email, they’ll be taken to a convincing imitation of an Amazon login page. After they enter their login credentials, the phishing page will display a form asking for their name, address, city, state, ZIP code, phone number and date of birth. Next, the user will be asked to provide their credit card and bank account information.

Once that information is entered, the phishing site informs the victim that their account has been recovered and says they’ll be automatically logged out. The victim is then redirected to the real Amazon website.

The email has several red flags like typos and bad grammar, but, even if the emails are perfect—which they often are these days—it is always a bad idea to click on the link in the email. Instead, you should go directly to Amazon using your web browser and see if your account has any notifications.
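For mail administrators, the traits described above (an Amazon-branded sender name, a 24-hour deactivation deadline, and an "Update Now" link that leads away from Amazon) can be checked mechanically. The following Python sketch is an added example, not code from HackRead or MainSpring; the sample message, the `.example` hosts, the indicator names and the single-brand rule are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message modelled on the lure described above; all
# addresses and hosts are placeholders under the reserved .example TLD.
SAMPLE = """\
From: "Amazon Customer Support" <support@account-alerts.example>
Subject: Suspicious activity on your account
Content-Type: text/html; charset="utf-8"

<html><body><p>We detected suspicious activity. Update your login and
credit card details within 24 hours or your account will be deactivated.</p>
<a href="http://signin.account-alerts.example/ap/">Update Now</a></body></html>
"""

BRAND, BRAND_DOMAIN = "amazon", "amazon.com"  # assumption: one brand, one domain
URGENCY = re.compile(r"within\s+\d+\s+hours|will\s+be\s+deactivated", re.I)

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def on_brand(host):
    # Exact match or true subdomain only, so amazon.com.evil.example fails.
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def red_flags(raw):
    """Return indicators found in a raw single-part HTML message (assumption)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    flags = []
    if BRAND in name.lower() and not on_brand(addr.rpartition("@")[2].lower()):
        flags.append("sender-domain-mismatch")
    parser = LinkHosts()
    parser.feed(body)
    if any(h and not on_brand(h) for h in parser.hosts):
        flags.append("off-brand-link")
    if URGENCY.search(body):
        flags.append("urgency-deadline")
    return flags
```

A message that raises no flags is not thereby safe; the checks only catch the mismatches this particular lure depends on, which is why going to Amazon directly remains the reliable step.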

Protect your organization with security awareness training

Phishing scams are on the rise. In fact, about 83% of organizations confirm that they were targeted by a phishing attack in 2018—a 7% increase from 2017. With these overwhelming statistics, it’s imperative for organizations to start focusing on how to better secure their business from cyberattacks.

At MainSpring, we recommend building up your last line of defense: your end users. The Automated Security Awareness Program (ASAP) offers new-school security awareness training that will teach your employees to recognize red flags before they fall victim to a phishing attack.