"Unauthorized activity on your Amazon account" phishing email doing rounds
Posted on 06 January 2014.
The pre-holiday online shopping frenzy has ended, but scam and phishing attempts continue unabated.

The latest email spam campaign aiming for login credentials is one that claims that unauthorised activity on the recipient's Amazon account has been spotted.

"Please be assured that because your card includes 'zero-liability fraud protection', you are not responsible for unauthorized use of your card," reassures the fake email, then urges the recipients to validate their Amazon account credentials by following an embedded link.

Over-trusting users who do so will land on a very convincing spoof of the Amazon login page, and will be pushed to enter their account credentials, name, address, phone number, and credit card information into a series of online forms (click on the screenshot to enlarge it):

Once all the information is submitted, the victim is politely thanked for their input and redirected to the legitimate Amazon website.

And this is the moment when some of the victims who have failed to notice that the previous site didn't have the correct URL may become suspicious, because they might notice they are not logged in.

If you are one of them, be sure to immediately change your account password and to contact your credit card issuer to notify them that your credit card has been compromised and should be blocked.


Cloned, booby-trapped Dark Web sites steal bitcoins, login credentials

Apart from being a way for dissidents and journalists to do their business without being spotted and identified by "the powers that be", the Dark Web is also a place where criminals sell and buy illegal wares and services and, apparently, where they also get robbed by scammers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jul 3rd