A New And Crafty Amazon Prime Phishing #Scam Email Is Making The Rounds…. Let’s Have A Look At It
Now I cover a lot of these phishing scam emails. But this one that is related to Amazon Prime is pretty crafty and clearly designed to evade detection by spam filters. Let’s have a look at it:
Now at first glance this looks like your typical scam email. Except for one thing:
The entire email is made up of a PDF that has elements, specifically the Sign In button, that can be clicked. This is designed from the ground up to evade detection by spam filters. I’ve only seen this method of attack with a Norton billing scam email before. Which makes me believe that the threat actor is counting on this hitting your Inbox with the ability to preview PDF’s turned on. Also, I assume that the threat actor is counting on the Sign In button being available to click. I say that because I am displaying this in macOS Mail which doesn’t allow you to click the sign in button. So Mac users are somewhat protected from this email. Windows users, not so much depending on what email program you use.
Now other than that, it has the usual hallmarks of a phishing email. Specifically:
Your Amazon account is on hold, which is meant to get you to pay attention.
If you don’t act quickly, your orders will be cancelled. Which is to create a sense of urgency.
They want you to click Sign In so that you can update your details. Or more accurately, the threat actor can steal them.
The quality of the English is marginal at best. A hallmark of scam emails.
And there’s this:
The domain used in this email doesn’t match @amazon.com or @amazon.ca or whatever.
Now let’s do something that you should never, ever do. I’m going to click on Sign In and see what happens. Since macOS Mail blocks this, I will use Adobe Acrobat to do this:
I have to admit that this is pretty low grade stuff here. But the fact is that a scam doesn’t have to fool everyone. It only has to fool a few people to be successful. And the fact that this is a scam is highlighted by this:
This clearly isn’t Amazon.com. But the threat actors are hoping that you’re not paying attention. And that’s as far as I got as it appears that the fake site was taken out of service as it redirected to the home page of the hosting provider. Perhaps Amazon got wind of this and took action? I am not sure. But the fact that the page above is still operational suggests that the threat actors could easily set up shop someplace else and try this again. Thus if you see an email like this, you know what to do. Delete it and move on with your day.
This entry was posted on April 16, 2023 at 8:59 am and is filed under Commentary with tags Scam. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
A New And Crafty Amazon Prime Phishing #Scam Email Is Making The Rounds…. Let’s Have A Look At It
Now I cover a lot of these phishing scam emails. But this one that is related to Amazon Prime is pretty crafty and clearly designed to evade detection by spam filters. Let’s have a look at it:
Now at first glance this looks like your typical scam email. Except for one thing:
The entire email is made up of a PDF that has elements, specifically the Sign In button, that can be clicked. This is designed from the ground up to evade detection by spam filters. I’ve only seen this method of attack with a Norton billing scam email before. Which makes me believe that the threat actor is counting on this hitting your Inbox with the ability to preview PDF’s turned on. Also, I assume that the threat actor is counting on the Sign In button being available to click. I say that because I am displaying this in macOS Mail which doesn’t allow you to click the sign in button. So Mac users are somewhat protected from this email. Windows users, not so much depending on what email program you use.
Now other than that, it has the usual hallmarks of a phishing email. Specifically:
And there’s this:
The domain used in this email doesn’t match @amazon.com or @amazon.ca or whatever.
Now let’s do something that you should never, ever do. I’m going to click on Sign In and see what happens. Since macOS Mail blocks this, I will use Adobe Acrobat to do this:
I have to admit that this is pretty low grade stuff here. But the fact is that a scam doesn’t have to fool everyone. It only has to fool a few people to be successful. And the fact that this is a scam is highlighted by this:
This clearly isn’t Amazon.com. But the threat actors are hoping that you’re not paying attention. And that’s as far as I got as it appears that the fake site was taken out of service as it redirected to the home page of the hosting provider. Perhaps Amazon got wind of this and took action? I am not sure. But the fact that the page above is still operational suggests that the threat actors could easily set up shop someplace else and try this again. Thus if you see an email like this, you know what to do. Delete it and move on with your day.
Share this:
Like this:
Related
This entry was posted on April 16, 2023 at 8:59 am and is filed under Commentary with tags Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.