Most users should be able to easily see through the scam

Feb 17, 2015 21:57 GMT
Signs pointing to a phishing scam; these can be observed in any phishing attempt

Users of global online retailer Amazon have been targeted by a malicious campaign that aims at harvesting their log-in data for the service.

The phishing emails claim to be from the retailer’s customer service, in relation to a verification of a ticket number.

In a poor attempt to keep the recipient unaware of the malicious activity, the crooks included Amazon’s name in the return email address. Although the address is clearly a fake ([email protected]), it may be sufficient to fool some of the less experienced users.

To steal the credentials, the crooks placed a link in the body of the message that points to a malicious website, where a fake log-in page for Amazon is loaded.
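The two signs described above (the brand name in a sender address on a non-Amazon domain, and a link to a non-Amazon site) can be checked mechanically. The following is an added example, not part of the original article; the trusted-domain list, the sample message and its example.net / example.org hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "amazon"
# Assumption: domains accepted as genuinely belonging to the brand.
TRUSTED_DOMAINS = {"amazon.com", "amazon.co.uk"}

# Constructed sample message (not the real phishing email).
SAMPLE = """\
From: "Amazon Customer Service" <amazon-support@example.net>
Subject: Ticket number verification
Content-Type: text/html; charset="utf-8"

<p>Please verify your ticket:
<a href="http://login.example.org/signin">Sign in to Amazon</a></p>
"""

def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_signs(raw_email):
    """Return findings for brand-impersonation signs in a raw email."""
    msg = message_from_string(raw_email)
    findings = []
    # Sign 1: brand name in the sender identity, but an untrusted domain.
    for header in ("From", "Reply-To", "Return-Path"):
        name, addr = parseaddr(msg.get(header, ""))
        domain = addr.rpartition("@")[2]
        if addr and BRAND in (name + addr).lower() and not is_trusted(domain):
            findings.append(f"{header}: brand name with untrusted domain {domain}")
    # Sign 2: links in the body that lead away from the brand's domains.
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    for url in re.findall(r"""href=["'](https?://[^"']+)""", body, re.I):
        host = urlparse(url).hostname
        if not is_trusted(host):
            findings.append(f"link: untrusted host {host}")
    return findings

if __name__ == "__main__":
    for finding in phishing_signs(SAMPLE):
        print(finding)
```
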

Any information entered in the provided fields is automatically sent to the crooks; if the Amazon account is not protected with two-factor authentication (2FA), the cybercriminals could steal sensitive details as well as initiate transactions in the name of the victim.

One email sample was caught on Monday by MillerSmiles, which usually determines an approximate location of the server hosting the fraudulent page. However, the information could not be obtained in this case.

At the moment, the fake web page is no longer up and running, and instead of phishing content it displays a 404 error.