"Unauthorized activity on your Amazon account" phishing email doing rounds
Posted on 06 January 2014.
The pre-holiday online shopping frenzy has ended, but scam and phishing attempts continue unabated.

The latest email spam campaign aiming for login credentials is one that claims that unauthorised activity on the recipient's Amazon account has been spotted.

"Please be assured that because your card includes 'zero-liability fraud protection', you are not responsible for unauthorized use of your card," reassures the fake email, then urges the recipients to validate their Amazon account credentials by following an embedded link.

Over-trusting users who do so will land on a very convincing spoof of the Amazon login page, and will be pushed to enter their account credentials, name, address, phone number, and credit card information into a series of online forms (click on the screenshot to enlarge it):

Once all the information is submitted, the victim is politely thanked for their input and redirected to the legitimate Amazon website.

And this is the moment when some of the victims who have failed to notice that the previous site didn't have the correct URL may become suspicious, because they might notice they are not logged in.

If you are one of them, be sure to immediately change your account password and to contact your credit card issuer to notify them that your credit card has been compromised and should be blocked.


The price of the Internet of Things will be a vague dread of a malicious world

Regulatory practices assume untrustworthy humans living in a reliable universe. People will be tempted to lie if they think the benefits outweigh the risks, but objects won't.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Oct 8th