The latest AWS phishing scam puts millions of customers at risk across the globe.
It’s a fact that phishing scams are evolving and stealing credentials to obtain sensitive business data has remained the foremost target of hackers since day one, and to achieve this they can go to any lengths.
Pursuing the same goal, hackers are now distributing fake Amazon Web Services (AWS) notifications to steal employee credentials and fulfill their nefarious objectives.
According to researchers at Abnormal Security, cybercriminals are trying to monetize from the COVID-19 led lockdowns and quarantine restrictions that have forced businesses to conduct operations online using cloud-based applications and collaboration programs.
In their latest campaign, attackers are sending out emails impersonating as AWS automated notifications. To make them appear legit, attackers have included authentic AWS links in the anchor text.
However, the hyperlink takes the recipient to an entirely different URL than the original AWS login page. Unsuspecting users are most likely to enter the required credentials on this fake page as it is identical to the real AWS login page.
According to Abnormal Security’s blog post, there are many different versions of this attack, involving different sender emails, clients, and payloads. But, one common aspect is that these emails originate from the same IP address, which is hosted by a France-based VPN.
Every payload link that’s part of this campaign leads to AWS credential-stealing websites. If the credentials are entered, the attackers will gain access to the user’s AWS account and sensitive data will be exposed.
AWS has millions of customers around the world including the US Military and top-notch businesses across the globe. If your business is one of them watch out for the ongoing phishing campaign as infamous hacking groups like Lazarus also use similar tactics to target large firms and steal sensitive data.
You can also follow this guide to protect your business against evolving phishing scams.