The Cofense Phishing Defense Center (PDC) has identified a new phishing campaign that specifically targets Amazon Prime users, attempting to steal login credentials, security answers, and payment details. The attack uses a well-crafted email impersonating Amazon, urging users to update their payment information due to an “expired” or “invalid” payment method.
“This threat was delivered via an email that appears to be a legitimate notification from Amazon Prime notifying the user that their payment method has expired or is no longer valid,” states the Cofense PDC. The email features a spoofed sender name, “Prime Notification,” but originates from an unrelated domain, a telltale sign of phishing attempts.
The email attempts to create a false sense of urgency, prompting users to click on a fraudulent link. Upon clicking, victims are redirected to a fake Amazon security verification page. “One of the first red flags recipients should look for is the URL, as it reveals that they have been redirected to Google Docs instead of Amazon’s legitimate website,” the report warns.
Once the user proceeds past the fake security page, they are presented with a fraudulent Amazon login page designed to steal credentials. “Users should always double-check when logging into websites and ensure that additional security measures, such as multi-factor authentication, are enabled,” Cofense advises.
After submitting their credentials, victims are then asked to provide additional verification information, including their mother’s maiden name, date of birth, and phone number.
The phishing attack does not stop at login credentials. Users are also asked to enter their billing address and payment details, including credit card information. “By obtaining the recipient’s residential details, threat actors can submit a request to change the victim’s address with postal services, redirecting mail and packages to another location,” the report explains.
Similarly, stolen credit card details enable attackers to conduct unauthorized transactions. “If these details are compromised, threat actors could use the information to initiate and authorize multiple transactions,” Cofense warns. Victims are urged to contact their banks immediately if they suspect their card details have been stolen.
Related Posts:
- Cybercriminals Escalate Attacks with Sophisticated HR-themed Phishing Scam
- Cisco releases the security updates to fix RCE flaws in multiple products
- Cyberattack on Delta Prime: Losses Soar to $6M
- Hackers are actively exploiting PHP RCE vulnerability (CVE-2024-4577)
