Beware This 4-Step Hack Attack


The standard security advice not to click links in unsolicited emails is good as far as it goes, but with phishing attacks and hackers growing more sophisticated thanks to the use of AI, it’s not always that easy. As if one link wasn’t enough to have to avoid, this newly observed threat campaign targeting Amazon Prime users guides the victim through stage after stage of hackery designed to relieve the unsuspecting account holder of their login credentials, payment data and control over their shopping cart.

The Four-Step Amazon Prime Account Takeover Attack Explained

Any service that requires a subscription for the user to enjoy the full benefits is seen as a leading target for cybercriminals looking for leverage to gain your trust and access your account. The bigger the platform, the more ubiquitous the brand, the more likely it is that someone, someday, will try their luck and look to hack you. Adri Andaya, a threat analyst at the Cofense Phishing Defense Center, has published a Feb. 18 report detailing just one such threat campaign aimed squarely at users of Amazon Prime. The attack methodology, Andaya explained, “not only targets login credentials but also seeks additional details, such as verification information and payment data, for illicit purposes.”

In the Cofense analysis, which I strongly recommend you go and read in full, Andaya divides the attack methodology into distinct phases, with the four main stages being as follows:

  • A legitimate-looking Amazon Prime notification delivered by email. This advises the user that their subscription payment method has expired, uses a format that all but clones a genuine Amazon notification layout, and drives the focus of the potential victim towards a button that will supposedly let them check their account payment status. “The sender’s address has been spoofed to ‘Prime Notification’ with the original address being a lesser-known domain that is not associated with Amazon,” Andaya said, but the urgency of the message is such that the attacker hopes the reader won’t spot this.
  • A fake Amazon Prime security alert appears on the page to which clicking that button redirects. Again, there are red flags, such as the URL, which is actually a Google Docs page and not an Amazon one. But, also again, the attackers hope that by asking for a security verification at this stage the victim might consider it legitimate and continue through to stage three.
  • The Amazon Prime login page that, if completed, will steal your account credentials. Activating two-factor authentication would immediately put a stop to this nonsense right here by adding another layer of login security that such tactics could not bypass in this case. Andaya recommends that users also save the legitimate login page as a bookmark and only use that when signing in so as to facilitate safe logins. If you’ve failed all the tests so far then you’ll arrive at step four in the Amazon Prime account hack process.
  • The credentials update page which, rather suspiciously when you consider that logging in should take you to the Amazon home page, asks you to further secure your account by confirming everything from your mother’s maiden name, to date of birth and telephone number. “The phone number serves as a direct channel for communication,” Andaya warned, “especially when one-time passcodes or call verifications are required.”
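
The red flags in the first two stages (a brand-like display name on a sender domain unrelated to Amazon, and a button that leads to Google Docs rather than Amazon) can be checked mechanically by a mail filter. The following is an added example, not code from Cofense or from this article; the brand keywords, the amazon.com allowlist and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example: brand keywords and the domain allowlist.
BRAND_WORDS = ("amazon", "prime")
BRAND_DOMAINS = ("amazon.com",)
# Constructed sample messages (not taken from the campaign).
PHISH = (
    'From: "Prime Notification" <alerts@billing-notice.example>\n'
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<a href="https://docs.google.com/document/d/EXAMPLE">Check status</a>\n'
)
LEGIT = (
    'From: "Amazon Prime" <no-reply@amazon.com>\n'
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<a href="https://www.amazon.com/gp/css/homepage.html">Your account</a>\n'
)

def on_brand_domain(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def html_bodies(msg):
    """Yield the decoded text of every text/html part of the message."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            data = part.get_payload(decode=True) or b""
            yield data.decode(part.get_content_charset() or "utf-8", "replace")

def check_message(raw):
    """Return (finding, host) pairs for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if not any(w in display.lower() for w in BRAND_WORDS):
        return []  # sender does not claim the brand; nothing to compare
    findings = []
    sender_host = addr.rpartition("@")[2].lower()
    if not on_brand_domain(sender_host):
        findings.append(("sender-mismatch", sender_host))
    for html in html_bodies(msg):
        for url in re.findall(r'href="([^"]+)"', html, flags=re.I):
            host = urlsplit(url).hostname
            if host and not on_brand_domain(host):
                findings.append(("off-brand-link", host))
    return findings
```

The suffix comparison in `on_brand_domain` requires a leading dot, so a lookalike host that merely starts with `amazon.com.` is still reported as off-brand.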

Mitigating Amazon Prime Hack Attacks And Scams

I have reached out to Amazon for a statement, but while researching a very similar story recently, a spokesperson told me: “Scammers that attempt to impersonate Amazon put consumers at risk. We will continue to invest in protecting consumers and educating the public on scam avoidance. We encourage consumers to report suspected scams to us so that we can protect their accounts and refer bad actors to law enforcement to help keep consumers safe. Please visit our help pages to find additional information on how to identify scams and report them at amazon.com/ReportAScam.”
