Amazon Phishing Scam Uses Fake Login Prompts in PDF


In a new form of phishing attack, cyber scammers have been deploying malware via PDF. The latest Amazon phishing scam uses PDF attachments whose login prompts appear valid to many recipients. Instead of using fake landing pages, the attackers use fake JavaScript login forms that are produced directly by the PDF attachment.

In this scam, the scammers pretend to send out Amazon tax invoices and lure victims into clicking through to their Amazon Seller account to view the tax invoice. When the victim opens the attached PDF file, JavaScript produces a login prompt identical to Amazon’s that requests the victim’s email ID and password. The email seems believable because it concerns a tax document and asks the victim to log in to view it, and therefore to enter login credentials.

[Image: Amazon Phishing Scam via PDF Docs - Fake Login Prompt]

Once the victim enters their credentials, the attackers gain complete access to the victim’s Amazon account and use it for further exploitation.

This scam differs from others in that it does not rely on particular types of emails or on URL manipulation. Therefore, even on a closer look, victims are unable to find any red flags.
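
The attachment itself is where this scam leaves a trace: a PDF that produces a JavaScript login form has to carry script and action entries in its structure. The Python sketch below is an added example, not code from the original article or from any product named in it; the function names, verdict labels and sample bytes are constructed for illustration. It counts those PDF name tokens in an attachment, decoding #xx-escaped names first so that an obfuscated name is still matched.

```python
import re

# PDF name tokens that signal active content or form submission.
SUSPICIOUS_NAMES = {"/JavaScript", "/JS", "/OpenAction", "/AA",
                    "/AcroForm", "/SubmitForm"}

# A PDF name is "/" followed by regular characters (no whitespace/delimiters).
NAME_RE = re.compile(rb"/[^\x00-\x20()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so '/J#61vaScript' compares equal to '/JavaScript'."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def scan_pdf_bytes(data: bytes) -> dict:
    """Count suspicious name tokens in the raw bytes of a PDF.

    Limitation: names inside compressed object streams are not visible to a
    raw scan, and binary stream data can produce false hits.
    """
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in SUSPICIOUS_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts

def verdict(counts: dict) -> str:
    """Hypothetical triage policy for a mail gateway or analyst queue."""
    has_script = "/JavaScript" in counts or "/JS" in counts
    auto_run = "/OpenAction" in counts or "/AA" in counts
    if has_script and auto_run:
        return "quarantine"
    if has_script or "/SubmitForm" in counts:
        return "review"
    return "pass"

# Constructed sample bytes (not a real phishing attachment).
SAMPLE_SUSPECT = (b"%PDF-1.7\n"
                  b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                  b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n")
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(label, scan_pdf_bytes(blob), verdict(scan_pdf_bytes(blob)))
```

Invoices and tax documents rarely need script that runs on open, so a "quarantine" or "review" result on such an attachment is a reasonable trigger for manual inspection before delivery.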

Is this the Only One?

This is not the only Amazon phishing scam in which attackers have leveraged the brand and reputation of Amazon. In the past as well, attackers have misled victims using the Amazon name. Here are some of the most infamous cases involving Amazon:

Amazon Gift Card Scam

Another very common type of Amazon phishing scam is the Amazon Gift Card Scam. While the details of these scams vary, the scammers follow a common pattern. They contact a vulnerable victim over the phone, email or social media and create a sense of urgency, for example by offering a product at an unbelievably low price.

The attackers ask for payment in gift cards and instruct the victim to purchase the cards either online or at a nearby store. The scammer also instructs the victim to provide the claim code printed on the gift card by phone, text message or email.

“Amazon Called Me!”

In another form of cyber scam, attackers used vishing to dupe victims into revealing the details of their Amazon account. The scammer impersonates Amazon customer service on a phone call and tells customers that suspicious activity has been noticed on their Amazon account.

The scammer convinces them to turn on their computer and misleads them into clicking through to unsecured websites. The victims are then asked to enter codes or other required information, make odd purchases, or permit the scammer to gain access to their computer. By using such manipulative tricks, the scammer gains access to the victims’ bank account details and other sensitive information.

Amazon Prime Day

Customers are not the only ones who eagerly await Amazon Prime Day; so do cyber attackers, who are intent on exploiting Amazon’s customer base.

Research found that a phishing kit is available on the internet market that contains the tools required for a phishing campaign and is specifically designed to target Amazon customers.

What does this Imply?

These scams are examples of how attackers are becoming smarter and more sophisticated in their approach to deploying cyber attacks. Attackers are constantly working on finding new entry points, methodologies, and tactics that can easily dupe victims.

Is there a Way to Prevent Such Cyber Attacks?

Since attack methodologies are not constant and change very frequently, it is very difficult to devise a tool that can prevent phishing attacks. Hence, it is important to use preventive techniques that can adapt to such changes in malicious tactics.

Moreover, organizations need to implement cybersecurity solutions to keep their employees from falling victim to such cyber attacks. If an employee falls prey to such an attack while on the organization’s network, there is a possibility of huge damage not only to the employee’s sensitive information but to the whole organization.

Therefore, to avoid situations like Amazon phishing scams, organizations need a proactive approach that will work on strengthening the human line of defense. To fulfill this purpose, it is important to educate employees with security awareness training. Tools like ThreatCop help in building employees’ cognitive ability to identify such cyber threats and the different methods in which such attacks can be deployed.

[Image: ThreatCop’s Dashboard]

The tool simulates the top 6 cyber attacks and assesses the cyber risk posture of the organization from the people’s point of view. It ensures that employees can recognize cyber attacks with its highly interactive learning modules. Reduce the cyber risks existing within your organization up to 90% with ThreatCop!
