Amazon Phishing Scams: Shoppers Need to Stay Alert

As mandatory stay-at-home policies have boosted online retailers’ business, cybercriminals are using phishing tactics and fraudulent sites to steal shopper credentials and financial information.

There has been a sharp spike in the number of new phishing and fraudulent sites created each month using the Amazon brand since August. However, Amazon phishing and fraud sites have been booming since the very beginning of the COVID-19 pandemic. The online retail giant has become an essential part of people's lives during lockdown, and cyber attackers wasted no time in creating campaigns that exploit both Amazon's features and consumer behavior. Their focus is mainly on Prime Day (Amazon's annual discount shopping event) and the upcoming holiday season, when online shopping activity is at its peak. Here are some recent examples:

Website mimicking

Various fraudulent websites mimic the legitimate Amazon website, and an inattentive shopper could easily fall for them. The scam sites target "returns" or "order cancellations" tied to Amazon's Prime Day. A closer look, however, reveals a number of signs that these sites are not authentic. For example, they request bank or credit card information, whereas Amazon issues refunds to the original form of payment or as gift card credit. They also display a prominent phone number, while Amazon does not encourage customers to contact it by phone.

Website promotions

Some malicious websites promote a supposed Amazon loyalty program and offer a free iPhone to users who answer a few survey questions. The users are then redirected to a game that they easily win. Of course, the only thing separating them from a new smartphone is entering their credit card details so the site can charge them $1 to receive the phone. The site even includes fake reviews from people who claim to have already received their iPhone, to convince the shopper that the offer is legitimate. Obviously, the phone never arrives. Instead, the shopper begins to see unfamiliar charges on the card they provided.

Credential phishing

In July, researchers at Armorblox spotted a pair of sophisticated phishing campaigns that both used Amazon delivery orders as the lure. In the first, an email sent from a legitimate third-party vendor's email account impersonated Amazon and told customers that their Amazon order had failed to ship. It also created a sense of urgency (a common phishing tactic) by warning that the order would be cancelled unless they updated their payment details within 3 days.

“The email sender name was ‘Support Reply’, which isn’t an exact replication of an Amazon automated email but still ‘robotic’ enough to pass our subconscious eye tests”, said Arjun Sambamoorthy, co-founder and head of engineering at Armorblox.

Clicking the link led victims to a fake Amazon website with a phishing flow designed to harvest login credentials, billing address information and credit card details. Once the flow was complete, victims were redirected to the real Amazon home page. The attackers relied on well-crafted social engineering to prompt the response they needed at each step.

Vishing (voice phishing) attack

In another campaign spotted by Armorblox, attackers sent an email that included a phone number for a "Fraud Protection Team" to call in case the recipient's Amazon delivery order was fraudulent. The call connected to a real person posing as Amazon fraud protection staff, who then walked the victim through a vishing flow aimed at extracting personal information such as their name and credit card number.
Although the sender name, "No Reply Amazon Com", impersonated Amazon, the email was sent from a personal Gmail account, and as a result it passed all authentication checks, said Sambamoorthy in his post. SPF, DKIM and DMARC verify the domain that actually transmitted the message, not the human-readable display name, so a message genuinely sent through Gmail passes all three no matter what the sender name claims. Catching this kind of lure requires comparing the display name against the sending domain as a separate check.
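As an added illustration (not code from the article or from Armorblox), the following Python check shows why a display-name impersonation like this sails through email authentication: the recorded SPF/DKIM/DMARC results belong to the domain that really sent the message (gmail.com), so a detection rule has to compare the display name against the sender domain on its own. The two message samples are constructed for the example, and the brand domain list is an illustrative assumption, not an authoritative inventory of Amazon's sending domains.

```python
"""Flag display-name brand impersonation that email authentication cannot catch.

SPF, DKIM and DMARC are evaluated against the domain that actually sent the
message (here gmail.com), not against the human-readable display name. A mail
really sent through Gmail with the display name "No Reply Amazon Com" therefore
passes all three. This script parses the headers, reads the recorded
authentication results, and separately compares the display name against the
sender domain.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the brand is assumed to send from. Illustrative assumption for the
# example only, not an authoritative list of Amazon's sending domains.
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.co.uk", "amazon.de"},
}

# Constructed sample headers modelled on the vishing lure (not a real capture).
SAMPLE_VISHING = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=gmail.com;
 dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com
From: "No Reply Amazon Com" <someaccount@gmail.com>
To: shopper@example.net
Subject: Suspected fraudulent order on your account
Content-Type: text/plain; charset=utf-8

If you did not place this order, call our Fraud Protection Team right away.
"""

# Constructed sample where the display name matches the sending domain.
SAMPLE_LEGIT = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=amazon.com;
 dkim=pass header.d=amazon.com; dmarc=pass header.from=amazon.com
From: "Amazon.com" <order-update@amazon.com>
To: shopper@example.net
Subject: Your order has shipped
Content-Type: text/plain; charset=utf-8

Your package is on its way.
"""


def auth_results(msg):
    """Return {'spf': 'pass', ...} parsed from Authentication-Results (RFC 8601)."""
    header = msg.get("Authentication-Results", "")
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {k.lower(): v.lower() for k, v in pairs}


def domain_of(address):
    """Lower-cased domain part of an email address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def belongs_to(domain, brand_domains):
    """True if domain is one of brand_domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in brand_domains)


def analyze(raw):
    """Parse a raw message and report display-name / sender-domain mismatches."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(addr)
    findings = []

    # Strip spaces and punctuation so "No Reply Amazon Com" and "Amazon.com"
    # both reduce to a string containing "amazon".
    squashed = re.sub(r"[^a-z]", "", display.lower())
    for brand, domains in BRAND_DOMAINS.items():
        if brand in squashed and not belongs_to(sender_domain, domains):
            findings.append(
                f"display name {display!r} claims {brand} but the message "
                f"was sent from {sender_domain}"
            )

    # A Reply-To on a different domain than From is another common sign that
    # replies are being diverted to the attacker.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(f"Reply-To {reply_to} does not match sender domain {sender_domain}")

    return {
        "display_name": display,
        "sender_domain": sender_domain,
        "auth": auth_results(msg),  # all "pass" for the lure, yet still suspicious
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for label, raw in (("vishing lure", SAMPLE_VISHING), ("legitimate", SAMPLE_LEGIT)):
        result = analyze(raw)
        print(label, result["auth"], result["findings"] or "no findings")
```

Run stand-alone, the lure shows spf, dkim and dmarc all recorded as pass while still producing a finding, which is exactly the gap a mail gateway relying on authentication results alone leaves open. The domain suffix match in `belongs_to` is deliberately simple; a production rule would also normalise look-alike characters in the display name and consult the organisation's own list of sanctioned sending domains.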

Making the platform safe

According to researchers, avoiding online fraud should not be particularly difficult for online users; they mainly need to pay closer attention to details. Although fraudulent sites mimic real ones, they often get details wrong. For example, the logo in the upper left corner may not link to the real site's homepage, images may be blurry, or logos and buttons may be misplaced. And if a site asks you to re-enter payment details that the real site already has on file, it is very likely fraudulent.
Moreover, some online retailers, Amazon among them, offer two-factor authentication (2FA) as an additional layer of account security. Enabling 2FA or MFA means that a password stolen through a phishing page or exposed in a data breach is not enough on its own to take over the account. It does not, however, protect card details that a victim types directly into a phishing site, and a phishing page that relays the one-time code to the real site in real time can still defeat code-based 2FA, so it complements rather than replaces the checks above.
