Amazon Spoofed in New Attack
Researchers have unearthed a sneaky new cyber-attack that spoofs American multinational technology company Amazon to steal victims’ financial credentials.
The digital deception, which combines brand impersonation with social engineering, was discovered by software firm Avanan, a Check Point Company based in New York.
Today, Avanan shared details about the attack on its blog. The scam is a two-part affair that begins with an email. It was first observed in October 2021.
The perpetrators of the attack use legitimate Amazon links to force the end-user to make a phone call and give out their financial details.
“In this attack, hackers are spoofing an Amazon order notification page,” wrote researchers.
Victims receive what looks like a typical Amazon order confirmation email containing links that all direct the user to the legitimate Amazon site.
“When trying to call the number listed, which is not an Amazon number, the scam begins, with the end goal of obtaining credit card information,” noted researchers.
Though the number listed on the email has an area code from South Carolina, it is not an Amazon number. Victims who dial will not receive an answer. However, a few hours later, they will get a call back from