Amazon Phishing Scam Uses Fake Login Prompts in PDF

Amazon Phishing Scam
Amazon Phishing Scam Creates Fake Login Prompts in PDF Docs

In a new form of Phishing attack, cyber scammers have been deploying malware via PDF. In the Amazon phishing scam, that uses pdf attachments that prompt logins to appear valid for many. Attackers utilize fake JavaScript login forms that are directly produced by the PDF attachment instead of using fake landing pages.

In the Amazon phishing scam, scammers pretend to send out Amazon tax invoice and lure the victims to into Amazon Seller’s account for viewing the tax invoice. If the victim opens the attached PDF file, an identical login prompt as of Amazon’s is produced with JavaScript requesting victim’s e-mail id and password. The email seems believable in nature as it is a tax document and asks the victim to log in to view the document and therefore, enter login credentials.

Amazon Phishing Scam via PDF Docs
Fake Login Prompt

Once the victim enters his credentials, attackers get a complete access over your Amazon account and can use it to exploit further.

The attack differs from others as in these types of emails, manipulation of URL is not required and therefore, even on a closer look, victims are unable to find any red flags.

Is This the Only One?

This is not the only Amazon phishing scam where the attackers have leveraged the brand and reputation of Amazon. In past as well, attackers have been misguiding victims using the name of Amazon. Here are some of the most infamous cases including Amazon.

  • Amazon Gift Card Scam

Another very common type of Amazon Phishing Scam is Gift Card Scam of Amazon. While the details of these scams vary, there is a common pattern that the scammers follow. They connect with the vulnerable victim over the phone, email, social media. This is done by creating a sense of urgency, such as, offering a product at an unbelievably low price.

The attackers ask for payment using gift cards and instruct the victim to purchase gift cards either online or at a nearby store. The scammer also instructs the victim to provide claim code mentioned over the gift card through phone, via text message or email.

  • “Amazon Called Me!”

In another form of cyber scam, attackers used vishing to dupe victims by asking them into revealing the details of the amazon account.

  • Amazon Prime Day

Not only the customers eagerly wait for the Amazon Prime Day but also cyber attackers, who were trying to exploit the Amazon’s customer base.

In a research, it was found that a phishing kit is available in the internet market which contains tools required for phishing campaign and are specifically designed to target Amazon customers.

What Does This Imply?

These scams are examples of how attackers are becoming smarter and more sophisticated in their approach to deploy cyber attacks. Attackers are constantly working on finding new entry points, methodology and tactics that can easily dupe victims.

Is there a way to prevent such attacks?


Since the attack methodologies are not constant and change very frequently, it becomes very difficult to devise a tool that can prevent such phishing attacks. It is, therefore, important to use preventive techniques that can adapt to such exploitable and malicious changes. Thereby, it becomes very important to build defensive capabilities in order to prevent yourself against various cyber threats. If a potential victim is falling prey to such attacks while being in their organization’s network, then, in such scenarios attacks can cause the damage to not only an individual but to the whole organization.

To avoid situations like Amazon phishing scam, we need a proactive approach that will work on strengthening the human line of defence. For fulfilling this purpose, Kratikal has developed a Cyber security attack simulator and awareness tool, ThreatCop. This tool helps in building employees’ cognitive ability to identify such cyber threats and the different methods in which such attacks can be deployed. This will allow the employee to pay attention to the probable threats within the email. The tool ensures that employees are able to recognize the attacks with its highly interactive learning module.

Do You Know
Who Is The Weakest Link In The
Cyber Security Chain?

You will be shocked but…it is your EMPLOYEES!

Make your employees proactive against prevailing cyber attacks with ThreatCop!

Leave a Reply