As you can see in the above screenshot, Apple iPads are one of the lovable items scammers are purchasing with the stolen credentials and gift cards.
In parallel, in another forum, as part of “contributing the community”, one of the hackers published a list of stolen credentials of Amazon users – allowing all forum members to use the stolen accounts for their own needs.
Email Phishing Campaign Targeting USA, Slovakia & Turkey:
Veriti’s research team identified a highly coordinated phishing campaign aimed at Amazon users in the USA, Slovakia, and Turkey. This campaign was designed to deceive recipients into believing their Amazon accounts were at risk, thereby prompting them to take immediate action.
The phishing emails were crafted to appear as legitimate communications from Amazon, complete with familiar branding and language. These emails informed recipients of unusual payment activity or other security concerns with their accounts, urging them to verify their information to prevent account suspension. The attached PDF file, misleadingly named “Details_Statement_ID_<ID number>,” contained a link to a phishing site designed to mimic the Amazon login page.
Upon clicking the link, users were redirected to a fake Amazon page where they were prompted to enter their login credentials. Once these details were submitted, the attackers would capture them, gaining unauthorized access to the victims’ Amazon accounts. To add another layer of deception, the phishing site also included a secondary step that directed users to a fake Google login page, aiming to harvest even more sensitive information.
This phishing campaign’s sophistication lies in its multi-stage approach and its ability to bypass initial suspicions by mimicking trusted services. The attack leveraged common concerns about account security to manipulate users into divulging their personal information.
Lessons Learned: How to Stay Vigilant During Amazon Prime
The findings from Veriti’s research into cybercriminal activities surrounding Amazon Prime Day underscore the critical need for heightened vigilance among consumers. As we have uncovered, scammers and hackers are increasingly sophisticated, employing a range of tactics to exploit the popularity of this major shopping event. These insights provide valuable lessons on how consumers can protect themselves from falling victim to such schemes.
*** This is a Security Bloggers Network syndicated blog from VERITI authored by Veriti Research. Read the original post at: https://veriti.ai/blog/staying-safe-during-amazon-prime-day/