Amazon Impersonator Phishing Campaign

Scams

November 27, 2024

A recently observed phishing campaign impersonates Amazon, telling recipients that their Prime membership is set to renew but that their payment method needs updating. The email includes a link to a webpage with a Google Docs URL that claims to be a message from Amazon Security and instructs the user to continue their verification.

If clicked, the user is redirected to another website and prompted to sign in to their Amazon account.

Once the user has “signed in,” they begin confirming their identity and payment card information.

When the user first submits their payment card information, they receive an error stating that the card authorization failed and instructing them to change the details to another card. Despite submitting invalid payment card information to both forms, the user receives a “Thank you!” and is subsequently redirected to the latimes[.]com website.

Credential phishing campaigns such as this are pervasive and employ several tactics to convince users to provide account and personal information, including using stolen branding and language regarding account security. With many individuals using e-commerce sites such as Amazon for holiday shopping, users may be more inclined to click on links regarding these accounts and fail to exercise the same caution they would otherwise.

Recommendations

  • Refrain from clicking links delivered in unverified emails.
  • Sign in to online accounts directly on mobile apps or official websites.
  • Ensure multi-factor authentication is enabled for all online accounts.
  • Freeze your credit to significantly reduce the risk of identity theft.
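
A mail-triage heuristic for the lure described above, added here as an example and not taken from the original advisory: it flags Amazon- or Prime-branded messages whose sender or links sit outside Amazon's domains, calling out links to Google Docs. The domain allow-list, the `triage` function, and the sample messages are assumptions constructed for illustration; the From header is only trustworthy after SPF/DKIM/DMARC checks.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains accepted as genuine Amazon senders/link targets.
AMAZON_DOMAINS = ("amazon.com", "amazon.co.uk", "amazon.ca")
BRAND_RE = re.compile(r"\b(amazon|prime)\b", re.I)   # branding used by the lure
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample messages (not real campaign artifacts).
SAMPLE_LURE = ("From: Amazon Security <notice@mailer.example>\n"
               "Subject: Your Prime membership is set to renew\n\n"
               "Update your payment method: "
               "https://docs.google.com/document/d/EXAMPLE/view\n")
SAMPLE_LEGIT = ("From: Amazon <order-update@amazon.com>\n"
                "Subject: Your Amazon order\n\n"
                "Track it: https://www.amazon.com/your-orders\n")


def _is_under(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def _text(msg):
    """Concatenate the decoded text parts of a message."""
    return "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")


def triage(raw_email):
    """Return (verdict, reasons) for one RFC 5322 message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    body = _text(msg)
    if not BRAND_RE.search(f"{display} {msg.get('Subject', '')} {body}"):
        return "ignore", []          # not Amazon-branded, out of scope here
    reasons = []
    sender_host = addr.rpartition("@")[2]
    if not _is_under(sender_host, AMAZON_DOMAINS):
        reasons.append(f"Amazon-branded mail sent from {sender_host}")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if _is_under(host, ("docs.google.com",)):
            reasons.append(f"link goes to a Google Docs page: {host}")
        elif not _is_under(host, AMAZON_DOMAINS):
            reasons.append(f"link host is not an Amazon domain: {host}")
    return ("quarantine" if reasons else "deliver"), reasons
```
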