This time of year, 80% of holiday shoppers will use Amazon for some of their gift purchases (according to CPC Strategy).
The bad guys know this and have prepared some sneaky phishing schemes in order to cash in on the increase in online shopping traffic.
Hackers get gifts this time of year as well--in the form of highly sophisticated phishing kits. These pirated kits become available to bad guys on the dark web and contain everything a person needs to change layouts and presentations to reflect different brands and to target victims based on the information they provide.
At first glance, these malicious landing pages look identical to the real thing, but users who are trained to notice subtle differences in fonts or URLs can spot the fake.
1. Hackers send you a bogus email pretending to be from Amazon.
2. Links in these emails point to the fake Amazon landing pages designed to trick you into entering information like your username and password.
An increase in these types of attacks was first seen this year during Amazon Prime Day on July 15th. With holiday shopping already in full swing and Black Friday approaching, these attacks are only going to increase.
This real phishing attempt was spotted a few weeks ago on a Mac users laptop. It was sent to their personal Gmail account. A call with Amazon support confirmed that this email was indeed malicious.
What makes this tricky is that business.amazon.com is a legit site, but can you spot the one line in these sender details that gives the hacker away?
A trained eye will notice that "amazonses" is not legit. Don't click any links from this one!
The body of this email promises "Business-only pricing" if you create your free account now.
This particular attack is targeted to Amazon users who have used a business credit card for purchases in the past. It's scary to think about how the bad guys know that.
Change your login password as an added precaution.
Be cautious with any emails coming from Amazon or other popular shopping sites. If you get an email offering either a special deal, a notice about your account status, items in your cart, or notification that an order has shipped, do not click on the email link--instead, navigate to your account on the site to confirm the validity of the claim.
Also, inspect the message for suspicious spellings or URLs and avoid putting your sensitive information into forms sent to you via email.
If something seems off with your account, call support. Amazon customer service will be able to tell you if any account updates need your attention.
Sites like Amazon have made holiday shopping more convenient, but with easy access and fast shipping comes more vulnerability to be aware of.
Stay informed! Read other recent news about phishing: https://blog.goptg.com/topic/phishing