New reports suggest that cybercriminals are implementing a new Amazon scam to take advantage of the holiday shopping frenzy ahead of Black Friday and the holiday season. Researchers at Avanan have highlighted the attack in a blog post; it began last month and involved fraudsters spoofing Amazon order notification emails.
The goal of these spoof emails is to encourage the recipient to phone a false customer service number. After that, the scammers will attempt to get them to provide their credit card information.
According to Avanan, “When you call the number, at first no one will answer. After a few hours, a call back will occur”. At which point, the scammers will ask for details including the credit card number and CVV after deeming both details important to cancel the invoice.
Also Read: Samsung Mass Producing Galaxy S22 Series According To Reports.
How exactly is the Amazon scam being carried out?
Now, the question arises, how do the scammers are bypassing the email security filters? Scammers are able to get over email security filters by adding valid links in the body of the email that lead to the real Amazon website. While some phishing attacks employ bogus landing sites to collect credentials; the links, in this case, provide a more secure avenue into inboxes. It also gives the victim a false sense of security.
In addition to stealing credit card information, the scam also acts as a phone number harvester. So, it is doing the groundwork for future voicemail and text-based attacks.
Researchers have revealed that “Once [attackers] obtain the phone number, they can carry out a series of attacks, whether through text messages or phone calls”. “Just one successful attack can lead to dozens of others.”
Also Read: Android 12 Users Still Cannot Access Chromecast Volume Controls Through Their Smartphones.