Phishing campaign steals Amazon customers’ login and payment details
Cyber security researchers have uncovered a new phishing campaign attempting to steal Amazon customers’ login details.
The scheme, uncovered by experts from FireEye, involves realistic-looking fake Amazon pages that ask visitors for their usernames, passwords, home addresses and payment card data.
Primarily targeting customers in the US, Europe and Canada, the campaign was first spotted on June 21st and uses some advanced techniques to evade detection and blocking systems.
For example, the phishing page uses the domain of a legitimate (but compromised) site, utilises the numerical HTML encoding of Unicode characters and uses URL path randomisation to ensure the final URL is always unique.
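Filters that match raw page source or exact URLs miss pages built this way. As an added example (not code from FireEye or the original article), the Python check below decodes numeric character references before looking for the brand name and judges the page by its host rather than its full URL. The brand domain list, the sample URLs and the sample page are constructed assumptions.

```python
import html
import re
from urllib.parse import urlsplit

BRAND = "amazon"
# Assumption: hosts allowed to present the brand (illustrative, not exhaustive).
LEGIT_SUFFIXES = ("amazon.com", "amazon.co.uk", "amazon.ca", "amazon.de")
TAG_RE = re.compile(r"<[^>]+>")
PASSWORD_RE = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)

# Constructed sample: the brand name is written only as numeric references.
SAMPLE_PAGE = (
    "<html><head><title>&#65;&#109;&#97;&#122;&#111;&#110; &#x53;ign In</title></head>"
    "<body><form method='post' action='submit.php'>"
    "<input type=\"email\" name=\"e\"><input type=\"password\" name=\"p\">"
    "</form></body></html>"
)
# Constructed sample: same compromised host, a different random path per visit.
SAMPLE_URLS = [
    "https://compromised.example/a8f3k2/x91/",
    "https://compromised.example/q7w1zz/p04/",
]

def normalise(markup: str) -> str:
    """Drop tags, then decode &#NN; / &#xHH; references and case-fold."""
    return html.unescape(TAG_RE.sub("", markup)).casefold()

def is_legit_host(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    # Exact or dot-anchored match, so amazon.com.evil.example does not pass.
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def assess(url: str, markup: str) -> dict:
    decoded_hit = BRAND in normalise(markup)
    asks_password = bool(PASSWORD_RE.search(html.unescape(markup)))
    return {
        "host": urlsplit(url).hostname,  # stable key despite random paths
        "raw_keyword_hit": BRAND in markup.casefold(),
        "decoded_keyword_hit": decoded_hit,
        "suspicious": decoded_hit and asks_password and not is_legit_host(url),
    }

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(assess(u, SAMPLE_PAGE))
```
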
Once a user fills out all of the fields on the fake Amazon form, the malicious site sends the attacker an email containing all of their personal and financial information.
From there, the user is redirected to a legitimate Amazon page, meaning they could continue browsing and shopping without knowing anything is amiss.
“Detecting these types of threats can be tricky, particularly when the attacker is leveraging some interesting evasion techniques,” FireEye’s researchers said in a blog post. “Oftentimes users are redirected to phishing pages after clicking on a malicious link.
“FireEye recommends that users exercise caution when clicking on links from untrusted parties, avoid opening emails from unknown senders and be wary of emails from anyone requesting personally identifiable information. Additionally, and most importantly, users should only log into Amazon by visiting the website directly.”
The Amazon scam is just the latest in a long line of phishing campaigns.
Earlier this month, thousands of Facebook users received fake notifications claiming they had been mentioned in comments by their friends. In just 48 hours, more than 10,000 users were tricked into installing a malicious Google Chrome extension.
And in June, Apple customers were targeted by a phishing campaign that claimed they needed to confirm their iTunes details because of a virus infection.