Beware of an Amazon Phishing Scam That Attempts to Steal Login Credentials

Cybersecurity has taken major steps in recent months, with the systematic disassembly of multiple hacker collectives, take-downs of botnets and the development of anti-malware solutions that are currently stronger than ever. Yet, for all their hard work, IT security specialists can barely stem the tide of ingenious attacks that threaten users every step of the way. And, by all accounts, cyber-criminals show no sign of relenting. As a matter of fact, they are getting more and more ingenious and cunning in their depredations. Case in point: the recent wave of Amazon phishing scams that specifically targeted Germany.

Broadly speaking, the goal of all phishing scams is to trick the user into revealing private information to the criminal. This usually involves a fake email that urges the user to follow a fake link and enter their credentials into a fake landing page. All of those fakes can be spotted, and thus avoided, by people who are on the lookout for such trickery.

However, this is not the only way to phish. There are other, more subtle ways to manipulate a user into giving out their personal information. The particular phishing campaign mentioned above involved emails that seemed to originate from Amazon and explicitly stated that they contained tax documents, which the user could view only after being verified. The innocuous-looking PDF attachments displayed "self-protect" login prompts that, to many users, would look normal.

Users were shown fake login prompts, created using JavaScript, that asked for their Amazon email address and password. As anyone who has had private communication with banks and other similar entities would certainly know, this is a common form of information protection that is nothing out of the ordinary. Unfortunately for the victims of this scam, although it seemed like routine communication, it deposited their accounts and passwords right into the scammers' grubby fingers. And since an Amazon account contains a lot of vital information, it’s not difficult to see how such a scam can have immediate and extremely dire consequences for the victims, whose security and finances have suddenly become compromised.
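Because the prompts described above are driven by JavaScript embedded in the PDF, a mail gateway or analyst can triage attachments by looking for the PDF name tokens that carry scripts. The following is an added example, not code from the original article; the marker list, function names and both sample documents are assumptions constructed for illustration.

```python
import re
import zlib

# PDF name tokens that signal active content (scripts, auto-run actions, forms).
MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/AcroForm")

def _decode_hex_names(data: bytes) -> bytes:
    # PDF names may hide letters as #xx escapes, e.g. /J#61vaScript.
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def _inflate_streams(data: bytes) -> bytes:
    # Decompress Flate streams so markers inside compressed objects are visible.
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.DOTALL):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-encoded (or another filter); skip it
    return b"\n".join(out)

def scan_pdf(data: bytes) -> dict:
    """Count each marker in the raw bytes plus any inflated streams."""
    haystack = _decode_hex_names(data + b"\n" + _inflate_streams(data))
    return {m.decode(): len(re.findall(re.escape(m) + rb"(?![A-Za-z0-9])", haystack))
            for m in MARKERS}

def is_suspicious(counts: dict) -> bool:
    # A document such as a tax form has no need for embedded scripts.
    return counts["/JavaScript"] > 0 or counts["/JS"] > 0

# Constructed samples (not real attachments): one carries a compressed script action.
_body = zlib.compress(b"<< /S /J#61vaScript /JS (app.alert('constructed sample');) >>")
SAMPLE_WITH_JS = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                  b"2 0 obj\n<< /Length " + str(len(_body)).encode() + b" /Filter /FlateDecode >>\n"
                  b"stream\n" + _body + b"\nendstream\nendobj\n%%EOF\n")
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for name, pdf in (("with_js", SAMPLE_WITH_JS), ("clean", SAMPLE_CLEAN)):
        counts = scan_pdf(pdf)
        print(name, counts, "SUSPICIOUS" if is_suspicious(counts) else "ok")
```

This is a byte-level heuristic, not a PDF parser: it will not see inside encrypted documents or streams that use filters other than Flate, so a clean result does not prove an attachment is safe.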

How to Protect Yourself From Similar Phishing Scams

  1. Be vigilant when it comes to documents that require the input of extensive personal details, especially if you were not expecting to receive such things via email. In most cases, reaching out to the sender through official channels to confirm their identity will cost you nothing more than a bit of effort. Although that practice may be viewed as an extra hoop to jump through, it is often justified by the extra layer of protection it affords.
  2. Always check the sender of an email to make absolutely sure that the address matches the legitimate domain of the organization the email claims to come from. If you have any suspicion at all that those domains don’t match, investigate further before taking any other action with regard to that particular line of communication.
  3. Take the time to carefully examine the URL of any landing pages to make sure they appear one hundred percent legitimate.
  4. Only ever log in to sites at their official domains. Avoid using attachment links that would allegedly take you to a form you need to fill in to submit information. If, for some reason, you decide to use such a link, make absolutely sure that it has taken you to a legitimate page, and not a fake.

August 20, 2019
