Hackers Using Amazon As A Bait For Phishing Attacks

A new phishing campaign is doing the rounds on the Internet in which hackers use a fake Amazon UK email message as bait to lure targeted users, security research reveals.

A blog post published by security and malware experts on the Malwarebytes blog states that hackers are using spam email messages to carry out a new phishing campaign aimed at Amazon’s UK users.

The spam message, which looks as if it was sent by Amazon, claims that the company’s data centers were attacked by hackers, resulting in the theft of data from a few thousand accounts. To further secure the account, the supposed support team recommends an account verification process. A “Get Started” link in the message then redirects the user to a phishing website designed to look like Amazon’s.

However, for readers who are wondering, Amazon’s data servers are secure and were never breached or attacked on the dates specified in the spam email.

Sample email sent by hackers | Screenshot Source: Malwarebytes

The phishing webpage prompts the user to enter their login credentials to sign in to the account. Once these are entered, the user is redirected to a second webpage that asks for complete account details, including payment card details, Personally Identifiable Information (PII) and account security details.

All of the data that the victim provides on those two pages is saved in pages named “Verify.php” and “Finish.php”, both of which are located within the same domain.

Once all of the details have been captured by the phishing site, the user is automatically redirected to the real Amazon UK website.

The spam emails were sent via a Linode server having IP address while the domain name being used by the hackers for phishing and data collection is “ukamazonverify com.”

Apart from this, several other domain names were registered by the hackers on the same day. All of those domain names are registered under email addresses provided by “126 com”, a China-based email provider.

It is not the first time hackers have used Amazon for a phishing campaign. Earlier last month, hackers used a spam email message about the launch of a new feature, followed by a link to a phishing site, in an attempt to steal credit card details.
