Amazon users targeted with new phishing attack

Share this article:

Users who receive an email claiming their Amazon account is about to expire should think twice before clicking on any attachments.

That's because the message may have been sent from a cybercriminal, researchers at anti-virus firm Sophos have warned.

Attackers have been widely spamming messages – purportedly sent from Amazon – claiming users' accounts are about to be deactivated. The messages, of course, were not actually sent from Amazon and, in fact, aim to trick users into revealing their personal data.

The unsolicited email, which is arriving in inboxes with subject lines such as “You have (1) message from Amazon,” instructs users to download and fill out an attached form to continue using their Amazon account.

If clicked, the attached file, named “NO003950033.html,” opens a web form, which includes Amazon's logo, that asks users to input their full name, address, credit card information and other details to reactivate their Amazon account. Once a user fills out the form and clicks submit, the information is uploaded to the attackers' remote web server.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.

FBI warns of potential cyber attacks launched by ISIS hacktivists

Following U.S. military airstrikes in the Middle East, the FBI has issued a warning regarding possible cyber threats aimed at U.S. networks and critical infrastructure by hacktivists in support of ISIS.

Report: 75 million records compromised so far in 2014

Report: 75 million records compromised so far in ...

An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.