The Growing Digital Threat of Amazon Phishing Emails
Amazon phishing scams are increasingly common threats as cybercriminals create fake Amazon emails and sites to steal user data and money. We summarise Amazon's official anti-phishing advice and discuss how companies can train employees to identify and report the latest phishing tactics used by cybercriminals.
Online shopping giant Amazon is one of the most trusted and widely-used platforms on the internet. However, that trust and popularity has also made Amazon a major target for cybercriminals looking to steal personal information and money through phishing emails and texts.
Phishing refers to emails, texts, and websites disguised to look like they are from a real or trustworthy source with the aim of encouraging users to provide private data like credit card numbers, account passwords, or personal identification that can enable financial fraud or identity theft.?
Receiving an email that looks convincingly like it has come from Amazon.com or Amazon logistics urging you to click unusual links or provide sensitive login credentials should raise red flags about a potential phishing attempt to gain access to your Amazon account and connected payment sources.
Some indications an Amazon-branded message could be a phishing effort is if there are misspellings, odd links that don't lead to a legitimate Amazon URL, suspicious attachments, or unusual requests to confirm account details for unclear reasons.?
The messages often try to create a false sense of urgency via fictional security breaches, unpaid shipping fees, or account deactivation threats. Further examination will typically reveal something slightly “off” compared to a real message from Amazon to its customers.
Phishing pages get passed around cybercrime networks and forums all the time. For example, the image below shows someone sharing an Amazon phishing page that has an administration panel built in to collect all the credentials and information entered by victims.
The same user’s profile shows they also offer "bulletproof" hosting that allows phishing pages and botnets to operate without getting taken down. Sadly, this kind of thing is common - search across any cybercrime website and you'll find hundreds of examples.
领英推荐
Beyond just sharing phishing pages, cybercriminals actually sell phishing-as-a-service, providing everything needed to get the infrastructure up and running to steal people’s data. They make it incredibly easy for even less technical criminals to get in on the action and profit from unsuspecting internet users. It's a big business fueling online fraud across the web.
Preventing Amazon Phishing Scams
Amazon provides some tips on avoiding phishing scams on their website. They recommend watching for suspicious sender addresses, grammar issues, generic greetings, and requests for sensitive information.?
Being cautious when clicking links and attached files can also help you avoid falling victim. If you do receive a suspicious email or message claiming to be from Amazon, you can report it through their official reporting process.
Another great way to protect your team against phishing is by using a phishing simulation platform. Our Keepnet Phishing Simulator lets you test employees with over 1,600 AI-powered phishing templates, all in a completely safe test environment. Click here to start your free trial today.
The simulations cover the latest phishing tactics to train staff what to watch for. Detailed reporting provides insights into vulnerable areas and helps reinforce a culture of security awareness. Ongoing phishing simulation training is one of the most effective ways to empower your employees and reduce risk.
Schedule your 30-minute demo meeting here, and you'll learn how to: