Amazon users targeted with new phishing attack

Share this article:

Users who receive an email claiming their Amazon account is about to expire should think twice before clicking on any attachments.

That's because the message may have been sent from a cybercriminal, researchers at anti-virus firm Sophos have warned.

Attackers have been widely spamming messages – purportedly sent from Amazon – claiming users' accounts are about to be deactivated. The messages, of course, were not actually sent from Amazon and, in fact, aim to trick users into revealing their personal data.

The unsolicited email, which is arriving in inboxes with subject lines such as “You have (1) message from Amazon,” instructs users to download and fill out an attached form to continue using their Amazon account.

If clicked, the attached file, named “NO003950033.html,” opens a web form, which includes Amazon's logo, that asks users to input their full name, address, credit card information and other details to reactivate their Amazon account. Once a user fills out the form and clicks submit, the information is uploaded to the attackers' remote web server.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Tinba variant aimed at U.S., international banks

Tinba variant aimed at U.S., international banks

Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.

Adobe makes delayed updates for Reader, Acrobat available

The Reader and Acrobat fixes were delayed a week due to issues found during testing.

Nigerian police search for ringleader in major bank heist

The suspect, Godswill Oyegwa Uyoyou, conspired with others to hack bank systems and divert 6.28 billion Naira to mule accounts.