Once the victim enters their credentials, the attackers gain complete access to the victim's Amazon account and can use it for further exploitation.
The attack differs from others in that these emails do not require any manipulation of the URL, so even on a closer look, victims are unable to find any red flags.
Is This the Only One?
This is not the only Amazon phishing scam in which attackers have leveraged Amazon's brand and reputation. In the past as well, attackers have misled victims using Amazon's name. Here are some of the most infamous cases involving Amazon.
- Amazon Gift Card Scam
Another very common type of Amazon phishing scam is the Amazon gift card scam. While the details of these scams vary, the scammers follow a common pattern. They contact the vulnerable victim over the phone, email or social media, and create a sense of urgency, for example by offering a product at an unbelievably low price.
The attackers ask for payment in gift cards and instruct the victim to purchase the gift cards either online or at a nearby store. The scammer also instructs the victim to provide the claim code printed on the gift card by phone, text message or email.
- “Amazon Called Me!”
In another form of cyber scam, attackers used vishing to dupe victims into revealing the details of their Amazon account.
- Amazon Prime Day
Customers are not the only ones who eagerly wait for Amazon Prime Day; so do cyber attackers, who were trying to exploit Amazon's customer base.
Research found that a phishing kit is available on the internet market that contains the tools required for a phishing campaign and is specifically designed to target Amazon customers.
What Does This Imply?
These scams are examples of how attackers are becoming smarter and more sophisticated in the way they deploy cyber attacks. Attackers are constantly working on finding new entry points, methodologies and tactics that can easily dupe victims.
Is There a Way to Prevent Such Attacks?
Since attack methodologies are not constant and change very frequently, it is very difficult to devise a tool that can prevent such phishing attacks. It is therefore important to use preventive techniques that can adapt to these malicious changes, and to build defensive capabilities that protect you against various cyber threats. If a potential victim falls prey to such an attack while on their organization's network, the attack can damage not only the individual but the whole organization.
To avoid situations like the Amazon phishing scam, we need a proactive approach that strengthens the human line of defence. For this purpose, Kratikal has developed a cyber security attack simulator and awareness tool, ThreatCop. The tool helps build employees' cognitive ability to identify such cyber threats and the different methods by which such attacks can be deployed, so that employees pay attention to probable threats within an email. With its highly interactive learning module, the tool ensures that employees are able to recognize the attacks.