Amazon Spoofed in New Attack

Amazon Spoofed in New Attack

Researchers have unearthed a sneaky new cyber-attack that spoofs American multinational technology company Amazon to steal victims’ financial credentials.



The digital deception, which combines brand impersonation with social engineering, was discovered by software firm Avanan, a Check Point Company based in New York. 



Today, Avanan shared details about the attack on its blog. The scam is a two-part affair that begins with an email. It was first observed in October 2021.



The perpetrators of the attack use legitimate Amazon links to force the end-user to make a phone call and give out their financial details.



“In this attack, hackers are spoofing an Amazon order notification page,” wrote researchers.



Victims receive what looks like a typical Amazon order confirmation email containing links that all direct the user to the legitimate Amazon site. 



“When trying to call the number listed, which is not an Amazon number, the scam begins, with the end goal of obtaining credit card information,” noted researchers. 



Though the number listed on the email has an area code from South Carolina, it is not an Amazon number. Victims who dial will not receive an answer. However, a few hours later, they will get a call back from attackers based in India.



To incite the victims to make the call to Amazon, the attackers include high-price items on the fictitious emailed invoice. 



Details gathered under the scam could be used by the attackers to carry out other criminal activity.



Researchers noted that this method of stealing financial details “results not only in monetary gain for the hackers but serves as a fo ..

Support the originator by clicking the read the rest link below.