Email
Password
Remember meForgot password?
    Log in with Twitter

article imageNewest Amazon phishing scam emerges, holiday shoppers beware

By Leigh Goessl     Dec 6, 2011 in Internet
As holiday shopping continues in full swing, scammers have kicked it up a notch and are phishing for information from Amazon.com customers.
This scam arrives during a time where people are likely scrambling to buy any remaining Christmas gifts, or want to simply take advantage of post-Black Friday promotions being offered by the ecommerce giant.
Sophos, a security company based in the UK, reported yesterday cybercriminals have "widely spammed" out a phishing attack through email. Scammers, posing as Amazon.com representatives, are hoping their victims will readily hand over some information.
The phishing scam email tells recipients their account is about to expire and will be deactivated unless the customer takes action. Instructions include a download and completion of an attached form.
Sophos security products detect the attachment as Trojan Phish-AZ.
Users who may have downloaded the malware attachment are presented with a webform that asks for sensitive details such as full name, address, telephone number, date of birth, and all pertinent credit card information -- all the makings of financial and identity theft. Amazon says they will never ask for a credit card number, PIN number, or credit card security code.
Some phishing attempts are obvious, but others are spoofed very carefully to mimic real businesses, and look real. In the current Amazon case, there are some key points that highlight the scam. This particular phishing scam email shows many editorial mistakes including a lack of capitalization ("Dear customer"), and it contains a spelling error "wether").
Phishing attempts and ecommerce fraud have increased significantly over the years and account for a good percentage of Internet fraud.
Consumers beware, even though Black Friday and Cyber Monday have both passed, there is still some mileage left in this year's holiday shopping season for ecommerce fraud. While phishermen generally do not discriminate when they'll target victims, cybercriminals are likely to continue to try to go the distance and try to scam unsuspecting victims during this busy shopping time.
On the plus side, phishermen often leave tell-tale signs which consumers can look for in order to sort out legitimate emails from falsified ones.
Items to look for in a phishing email can include:
• Asking the recipient to take immediate action
• Lookalike email addresses, scammers often mimic real email addresses and are very similar, but if you look carefully, often there are differences in name, domain or other identifiers.
• Tone is written to elicit a response. The tone often sounds urgent, and looks to instill fear, panic or trigger other emotions
• Asks recipient to click on hyperlinks or download attachments
• Email is littered with grammar or spelling errors, profession emails rarely include these kinds of mistakes.
• Arrives in the spam folder; this could mean a cloned name of a trusted contact
• If it sounds too good to be true, it usually is. Fantastic deals are sometimes real, but always remember this golden rule, rarely is something given for nothing.
Amazon.com is a frequent target for phishing scams because the company has such a large database of customers. Chances are a percentage of those people phishermen target in their spam are actual Amazon.com customers, so even if the tricksters manage to fool a small percentage of recipients, they've hit pay dirt.
More about Amazon, Shopping, Online shopping, Holiday shopping, phishing scam
 
Latest News
Top News