Customers of Amazon Tricked With Phishing Email Campaign
Softpedia.com published news on 17th February, 2015 according to which security experts warned that a malicious campaign has targeted the users of global online-retailer Amazon aiming to harvest their sign-in information for the service.
The phishing notifications assert to be from the customer service department of Amazon asking to verify a ticket number.
To make the user unaware about the tainted activity, the scammers included Amazon's name in the return address. While the address is completely a fake (firstname.lastname@example.org), it may be enough to trick some of the innocent users.
To enable crooks to steal credentials, the fake email message contains a link directing to a malicious website loaded with a bogus log-in page for Amazon.
Crooks automatically get all details entered in the given fields and if the account is not secured with two-factor authentication (2FA), scammers could embezzle sensitive information and could also start transactions on behalf of the victim.
Security experts have analyzed the scam email and found that victims would not be aware until fraudulent transactions and later on other evidence of theft of identity comes to their attention.
Amazon will never ask any customer for personal and financial information through an unsolicited email.
You should always be careful about any unsolicited email which asks you for financial and personal information either by clicking a link to a website or by opening an attachment in the email. Security experts highlight that no genuine financial organization or company will ever ask customers for personal details using such methods.
Security experts highlight that unfortunately it is not the first time that Amazon is being targeted by phishers.
During July 2012, phishing emails purporting to be from Amazon.co.uk claimed that recipient's account has been restricted due to a recent review and more account information was required via an attached form to lift the restriction. Some versions asked users to click a link to access the form instead of an attached file. The fake form asked for details of credit card with name, address and contact details and it was designed to look like genuine web page of Amazon.