The latest email spam campaign aiming for login credentials is one that claims that unauthorised activity on the recipient's Amazon account has been spotted.
"Please be assured that because your card includes 'zero-liability fraud protection', you are not responsible for unauthorized use of your card," reassures the fake email, then urges the recipients to validate their Amazon account credentials by following an embedded link.
Over-trusting users who do so will land on a very convincing spoof of the Amazon login page, and will be pushed to enter their account credentials, name, address, phone number, and credit card information into a series of online forms (click on the screenshot to enlarge it):
Once all the information is submitted, the victim is politely thanked for their input and redirected to the legitimate Amazon website.
And this is the moment when some of the victims who have failed to notice that the previous site didn't have the correct URL may become suspicious, because they might notice they are not logged in.
If you are one of them, be sure to immediately change your account password and to contact your credit card issuer to notify them that your credit card has been compromised and should be blocked.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.