Beware of this four-step Amazon Prime account attack.
The standard security advice not to click links in unsolicited email is good as far as it goes, but with phishing attacks and hackers becoming more and more sophisticated, following it is not always so easy. As if one link were not enough to avoid, this newly observed threat campaign aimed at Amazon Prime users guides the victim through phase after phase of hackery designed to relieve the unsuspecting of their account credentials, payment data and control over their purchases.
The four-step Amazon Prime account attack explained
Any service that requires a subscription for the user to enjoy full benefits is seen as a prime target by online criminals seeking leverage to gain your trust and access your account. The larger the platform and the more ubiquitous the brand, the more likely it is that someone will one day try their luck and seek to hack you. Adri Andaya, a threat analyst at the Cofense Phishing Center, has published a February 18 report that details just such a threat campaign, aimed squarely at Amazon Prime. The attack methodology, Andaya explained, “not only targets entry credentials, but also requires additional details, such as verification information and payment data, for illegal purposes.”
In the Cofense analysis, which I strongly recommend you go and read in full, Andaya breaks the attack methodology into distinct stages, with the four main stages as follows:
- A legitimate-looking Amazon Prime notification delivered by email. It advises the user that the payment method for their subscription has expired, uses a format that all but clones a genuine Amazon notice, and directs the potential victim's attention to a button that they are told will let them check their account payment status. “The sender’s address is spoofed as ‘main notice’ with the original address being a lesser-known domain that is not associated with Amazon,” Andaya said, but the message is worded in such a way that the attacker hopes the reader will not check.
- A fake Amazon Prime security alert appears on the page to which clicking the aforementioned button redirects. Again, there are red flags, such as the URL, which is actually a Google Docs page and not an Amazon one. But, again, the attackers hope that by asking for a security verification at this stage, the victim will consider it legitimate and continue to the third phase.
- An Amazon Prime login page that, if completed, will steal your account credentials. Enabling two-factor authentication would immediately stop this nonsense right here by adding another layer of login security that such tactics could not bypass in this case. Andaya recommends that users also keep the legitimate login page as a bookmark and use only that when signing in, to ensure secure logins. If you have failed all the tests so far, you will get to the fourth step in the Amazon Prime account attack.
- A credentials update page which, dubiously when you consider that signing in should take you to Amazon’s home page, asks you to further secure your account by confirming everything from your mother’s maiden name to your date of birth and phone number. “The phone number serves as a direct channel for communication,” Andaya warned, “especially when one-time codes or call verifications are required.”
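
The two red flags named in steps one and two (a sender domain that is not Amazon's, and a button that leads to a Google Docs URL) can be checked mechanically. The following is an added example, not code from the Cofense report or this article; the `TRUSTED` allowlist, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"amazon.com"}  # assumption: domains you accept as Amazon's own

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname)

def red_flags(raw):
    """Return the mismatches between what a message claims and where it leads."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    if "amazon" not in f"{name} {msg['Subject']}".lower():
        return []  # message does not claim to be from Amazon
    flags = []
    domain = addr.rpartition("@")[2].lower()
    if not is_trusted(domain):
        flags.append(f"sender domain {domain} is not Amazon's")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkHosts()
        parser.feed(body.get_content())
        flags += [f"link points to {h}, not Amazon"
                  for h in parser.hosts if h and not is_trusted(h)]
    return flags

# Constructed samples (not captured mail); .example names are placeholders.
HTML = 'Content-Type: text/html\n\n<p><a href="{}">Check payment status</a></p>\n'
PHISH = ('From: "Prime Notification" <billing@mail-update.example>\n'
         "Subject: Your Amazon Prime payment method has expired\n"
         + HTML.format("https://docs.google.com/document/d/PLACEHOLDER/view"))
GENUINE = ("From: Amazon <no-reply@amazon.com>\n"
           "Subject: Your Amazon Prime membership\n"
           + HTML.format("https://www.amazon.com/your-account"))

if __name__ == "__main__":
    for flag in red_flags(PHISH):
        print("RED FLAG:", flag)
```

The suffix match in `is_trusted` is deliberate: a host such as `amazon.com.evil.example` contains the brand but does not end in `.amazon.com`, so it is still flagged.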
Mitigating Amazon Prime hack attacks and fraud
I have reached out to Amazon for a statement, but while researching a very similar story lately, a spokesman told me: “Efforts to impersonate Amazon put consumers at risk. We will continue to invest in consumer protection and public education to avoid fraud. In implementing the law to help keep customers safe.”