Threat Research

Amazon Phishing Scam Targets Security Answers and Payment Info

Securonix
Amazon Phishing Scam Targets Security Answers and Payment Info

The article discusses a phishing scheme targeting Amazon Prime users that exploits familiar communications to steal sensitive personal and payment information. The threat employs various tactics, including email spoofing and deceptive redirects, which aim to create urgency and trick users into providing their credentials and personal details. Affected: Amazon Prime users

Keypoints :

  • A phishing scheme was identified targeting Amazon Prime users.
  • The attack utilizes email notifications that look legitimate to extract personal information.
  • Email sender addresses are spoofed to create a sense of authenticity.
  • The phishing emails create urgency, prompting users to click on malicious links.
  • Users are redirected to fake pages that mimic Amazon’s login and verification processes.
  • Phishing attempts gather information such as mother’s maiden name, date of birth, and payment details.
  • Victims’ credentials may be sold on the dark web for various malicious purposes.
  • Personal information obtained can lead to identity theft and financial fraud.
  • Amazon advises users to verify email senders and log in to their accounts directly for security.
  • Phishing emails can bypass automated security measures, making user awareness critical.

MITRE Techniques :

  • T1071 – Application Layer Protocol: Attackers use email as the application layer protocol to deliver phishing content.
  • T1090 – Connection Proxy: The malicious links redirect users through Google Docs, obscuring the true destination.
  • T1203 – Exploitation for Client Execution: The phishing email exploits user trust to encourage credential entry on a fake login page.
  • T1430 – Data from Information Repositories: The phishing attempt aims to gather personal information from the victims.

Indicator of Compromise :

  • [URL] hXXps[:][//]docs[.]google[.]com[/]drawings[/]d[/]1rSqoqN1uTTbP4qnfKzx2ZbvS0ACejeywUyBBw2FMggU[/]preview
  • [IP Address] 172.253.122.102
  • [URL] hXXps://www[.]google[.]com/url?q=hXXps://l[.]wl[.]co/l?u%3DhXXps://qr-codes[.]io/unPek2&sa=D&source=editors&ust=1730236183327166&usg=AOvVaw2aIfuYyrhGCLMJoZ_CIJvl
  • [URL] hXXps://qr-codes[.]io/unPek2
  • [IP Address] 172.253.115.106

Full Story: https://cofense.com/blog/amazon-phish-hunts-for-security-answers-and-payment-information

SHARE THIS STORY

WhatsAppX (Twitter)TelegramBlueskyFacebookLinkedInThreadsEmailPrint