Cybercriminals have created a new, realistic-looking phishing campaign targeting Amazon Prime customers, which not only gains access to a customer’s account, but could also infect their computer or mobile device with malware.
Mass emails that appear to come from Amazon are being sent out, thanking customers for making purchases on Amazon’s Prime Day in July. The emails then invite recipients to go to the Amazon website to “write a review” in order to receive a special $50 bonus credit.
Once the link in the email is clicked on, though, the recipient is routed to a clone of the Amazon site. If the customer goes on to enter their username and password, a cybercriminal can then gain access to their account. It is also possible that, through the phishing campaign, malware could be installed on the computers or mobile devices being used to access it.
Flipboard received a copy of the email, which also contains manual instructions in case a recipient doesn’t click on the link. The manual instructions still leads to the bogus site and is unsafe for the recipient.
The safest way to deal with an email allegedly from Amazon Prime regarding Prime Day is to skip the included link and instead type the online retail giant’s web address directly into your browser. After logging in, you can then contact customer service with any questions. And, if you receive a suspicious email, contact Amazon using the instructions on the site’s report-phishing page.
Last year, phishing cyberattacks hit a new record, with the total number of phishing attacks at 1,220,523 — a 65 percent increase over the number of cyberattacks recorded in 2015.
“Phishing is an attack that relies primarily on fooling people, rather than highly sophisticated technical implementations,” said APWG Senior Research Fellow and iThreat VP Greg Aaron. “For that reason, phishing remains both popular and effective.”