In the new form of phishing attack, cyber scammers have been deploying malware via PDF. The latest Amazon phishing scam uses pdf attachments that prompt logins to appear valid for many. Attackers utilize fake JavaScript login forms that are directly produced by the PDF attachment instead of using fake landing pages.

In the Amazon phishing scam, scammers pretend to send out Amazon tax invoices and lure victims into clicking on the Amazon Seller’s account for viewing the tax invoice. If the victim opens the attached PDF file, an identical login prompt as to Amazon’s is produced with JavaScript requesting the victim’s e-mail id and password. The email seems believable as it is a tax document and asks the victim to log in to view the document and therefore, enter login credentials.

Once the victim enters its credentials, attackers get complete access to the victim’s Amazon account and use it to exploit further.

This cyber scam differs from others as in these scams, types of emails and manipulation of URLs are not required. Therefore, even on a closer look, victims are unable to find any red flags.

Is this the Only One?

This is not the only Amazon phishing scam where the attackers have leveraged the brand and reputation of Amazon. In the past as well, attackers have been misguiding victims using the name of Amazon. Here are some of the most infamous cases including Amazon:

Amazon Gift Card Scam

Another very common type of Amazon phishing scam is the Amazon Gift Card Scam. While the details of these scams vary, there is a common pattern that the scammers follow. They connect with the vulnerable victim over the phone, email, and social media. This is done by creating a sense of urgency, such as offering a product at an unbelievably low price.

The attackers ask for payment using gift cards and instruct the victim to purchase gift cards either online or at a nearby store. The scammer also instructs the victim to provide the claim code mentioned over the gift card via phone, text message, or email.

“Amazon Called Me!”

In another form of a cyber scam, attackers used vishing to dupe victims by asking them into revealing the details of their Amazon accounts. The scammer impersonates an Amazon customer service over the phone call to dupe customers by stating that suspicious activity on their Amazon account has been noticed.

The scammer convinces them to turn on their computer and misguides them to click on unsecured websites. The victims are further asked to enter codes or other required information, make odd purchases, or permit the scammer to gain access to their computer. By using such manipulative tricks, the scammer gains access to the bank account details of victims and other sensitive information.

Amazon Prime Day

Not only do the customers eagerly wait for Amazon Prime Day but also cyber attackers, who are intent on trying to exploit Amazon’s customer base.

In research, it was found that a phishing kit is available in the internet market which contains tools required for phishing campaign and are specifically designed to target Amazon customers.

What does this Imply?

These scams are examples of how attackers are becoming smarter and more sophisticated in their approach to deploying cyber attacks. Attackers are constantly working on finding new entry points, methodology, and tactics that can easily dupe victims.

Is there a Way to Prevent Such Cyber Attacks?

Since the attack methodologies are not constant and change very frequently, it becomes very difficult to devise a tool that can prevent phishing attacks. Hence, it is important to use preventive techniques that can adapt to such exploitable and malicious changes.

Moreover, organizations need to implement cybersecurity solutions to secure their employees from falling victim to such cyber attacks. If a potential victim falls prey to such attacks while being in their organization’s network then there is a possibility of huge damage to not only employee’s sensitive information but to the whole organization.

Therefore, to avoid situations like Amazon phishing scams, organizations need a proactive approach that will work on strengthening the human line of defense. To fulfill this purpose, it is important to educate employees with security awareness training. Tools like TSAT help in building employees’ cognitive ability to identify such cyber threats and the different methods in which such attacks can be deployed.

The tool simulates the top 6 cyber attacks and assesses the cyber risk posture of the organization from people’s points of view. It ensures that employees can recognize cyber attacks with their highly interactive learning modules. Reduce the cyber risks existing within your organization by up to 90% with TSAT from Threatcop!