The scammers trick users by imitating a security feature offered by Facebook and Google

Nov 28, 2012 10:53 GMT

Experts have spotted a new Amazon phishing scam that’s designed to trick users into handing over their credentials. The crooks are trying to convince victims that their accounts have been accessed from multiple computers.

Facebook and Gmail users are probably familiar with the security feature that notifies them when someone connects to their account from a “suspicious” IP address. Amazon offered no such notification at the time, but that hasn’t stopped the phishers from inventing one.

Researchers from security firm Avira have come across an email entitled “We have recently determined that various computers connect to your Amazon account,” which reads:

“We have recently determined that various computers connect to your Amazon account, password and the present of chess more taient before the connection. Now we need to confirm the new information from your Amazon account. If not completed within 48 hours, we will be forced to suspend your account indefinitely because it can be used in a fraudulent intent.”

Users who fall for it and click on the link are taken to a page that replicates the login page of amazon.co.uk, Amazon’s UK website. Here they’re asked to “confirm” their account by entering their email address and password.

Once they submit those credentials, they’re taken to a second page that asks for more information, including name, address, date of birth and payment details such as a sort code. This second page, however, imitates amazon.com rather than amazon.co.uk.

Avira IT Security Expert Sorin Mustaca highlights some interesting things about this particular scam. First of all, the email’s text appears to have been machine-translated from another language with an online service such as Google Translate.

Secondly, part of the source code of the phishing page appears to be copied from the genuine Amazon site.

Another clever touch is that the fake form validates its input: an error message pops up if a user enters a malformed email address, which makes the page behave more like the genuine one.

Finally, the phishers haven’t bothered to keep both fake pages on the same Amazon domain. The scam starts on a bogus amazon.co.uk page and ends on a bogus amazon.com page.
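The scam only works if the victim follows a link whose host is not actually Amazon’s. The following checker, added here as an illustration rather than taken from Avira’s report, extracts every link from a suspected phishing email and flags any whose registrable domain is not one of the brand’s legitimate domains, or whose displayed URL text differs from the host the link really points to. The sample email body and the `account-verify.example` host are constructed for the example; the list of Amazon storefront domains and the two-label public suffixes are deliberately short and would be a curated list in a real deployment.

```python
"""Flag links in a suspected phishing e-mail that do not point at the brand.

Added example (not from the Avira report). Brand domains and public suffixes
are assumptions kept short for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed set of legitimate Amazon storefront domains (illustrative, not complete).
AMAZON_DOMAINS = {"amazon.com", "amazon.co.uk", "amazon.de", "amazon.fr"}

# Simplified public-suffix handling: suffixes that span two labels.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the registrable (owner-controlled) part of a host name.

    'www.amazon.co.uk' -> 'amazon.co.uk', and the lookalike
    'amazon.co.uk.account-verify.example' -> 'account-verify.example'.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return [(href, [reasons])] for links that should not be trusted."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto:, javascript: etc. are out of scope here
        host = parsed.hostname or ""
        domain = registrable_domain(host)
        reasons = []
        if domain not in AMAZON_DOMAINS:
            reasons.append(f"host {host} is not an Amazon domain")
        # Displayed text that looks like a URL but names a different host
        # is the classic "link text says amazon, href says elsewhere" trick.
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and registrable_domain(shown.group(1)) != domain:
            reasons.append("displayed URL host differs from actual href host")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample body modelled on the scam described above (not the real mail).
SAMPLE_EMAIL = """
<p>We have recently determined that various computers connect to your Amazon
account. If not completed within 48 hours we will suspend your account.</p>
<p>Confirm here: <a href="http://amazon.co.uk.account-verify.example/ap/signin">
http://www.amazon.co.uk/ap/signin</a></p>
<p>Help: <a href="https://www.amazon.co.uk/gp/help">Amazon Help</a></p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(href)
        for r in reasons:
            print("  -", r)
```

Only the first link is reported: its real host is under `account-verify.example`, and its visible text claims to be `www.amazon.co.uk`. The genuine help link passes both checks.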

Users who have already fallen for it and handed their credentials to the crooks are advised to change their Amazon password immediately (and the same password anywhere else it was reused) and to contact their bank, as the cybercriminals will most likely attempt fraudulent transactions.