Phishing tends to be one of the most commonly employed cyber attacks. It generally does not take much for a hacker to craft a convincing phishing email to dupe unsuspecting victims. A common method that they use is the impersonation or piggybacking of well-known and respected companies. For example, there was an incident where attackers sent emails posing as the video streaming company, Netflix, to attempt to steal credit card info from subscribers. In one of the most recent phishing campaigns, the target is customers of the internet retailer, Amazon.
The phishing begins with listings of “used-like new” electronic products on Amazon, which are listed at great prices. Once the customer tries to purchase them, they are eventually redirected to a fake site. If you fill in the data fields as prompted, the hacker will receive your credit card info.
How the Scam Begins
The perpetrator of this scam is a merchant on Amazon known as Sc-Elegance. They have shown up before, and have been a persistent problem for Amazon. According to Comparitech, “This isn’t the first time such a scam has been reported. We found complaints about fraudulent merchants–ScElegance in particular–dating back to November 15, 2016 on Amazon’s own forums.”
As stated previously, they will post electronics on Amazon at very appealing low prices. Once these products are added to your cart and you attempt to checkout, it will all of the sudden display that the product is no longer available. After this happens, you will receive an email that appears to be Amazon claiming it to be a mistake, and they will provide a link to the “Amazon” page where it is still available. Of course, the link is a fake, though it mimics the legitimate site very closely. Though, it does contain some slight spelling errors that, without close inspection, might go unnoticed. After filling out the payment fields on the fake site, the information will then be delivered straight to the hacker.
Protecting Your Accounts from Phishing
As mentioned earlier, phishing scams will use clever impersonations of respected companies to try and fool people. The reason they keep employing this method is because it is effective, and unfortunately, does fool many people. There are several indicators to be wary of on Amazon that can identify a phishing scam.
● The first and foremost being, a majority of the time, if it looks too good to be true, it probably is. This includes that ever desirable lower than seems normal price.
● When paying for items, always ensure you are using the official site or app. You can always verify the URL of the site if need be. Fake URL’s will look close to the original, but contain slight variations. The same goes for any emails received, as the email address or link URL will be slightly different than the original.
● When shopping on the web in general, look in the address bar of your browser for a green lock symbol. This indicates that the site you are using is secure.
● You can verify any affiliated retailers through Amazon’s official customer service. This method can be used when affiliate retailers seem suspicious or off in some way.
Even though phishing attacks tend to be quite prominent, they are also quite simple to avoid. They work hard to closely impersonate official businesses, but with a little due diligence, they can be identified and avoided quite easily. Cyber space is full of attackers looking to exploit unsuspecting victims, so staying on your guard even by simply verifying a purchase, can be the difference between becoming a victim or avoiding the attack. If something seems suspicious or off, it cannot hurt to do a little vetting to ensure the legitimacy.