A new threat campaign targeting Amazon Prime users requires just four steps to compromise your account. Here’s what you need to know to keep safe.
, it’s not always that easy. As if one link wasn’t enough to have to avoid, this newly observed threat campaign targeting Amazon Prime users guides the victim through stage after stage of hackery designed to relieve the unsuspecting account holder of their login credentials, payment data and control over their shopping cart.
Any service that requires a subscription for the user to enjoy the full benefits is seen as a leading target for cybercriminals looking for leverage to gain your trust and access your account. The bigger the platform, the more ubiquitous the brand, the more likely it is that someone, someday, will try their luck and look to hack you. Adri Andaya, a threat analyst at the Cofense Phishing Defense Center, has published adetailing just one such threat campaign aimed squarely at users Amazon Prime. The attack methodology, Andaya explained, “not only targets login credentials but also seeks additional details, such as verification information and payment data, for illicit purposes.” In the Cofense analysis, which I strongly recommend you go and read in full, Andaya divides the attack methodology into distinct phases, with the four main stages being as follows: A legitimate-looking Amazon Prime notification delivered by email. This advises the user that their subscription payment method has expired, uses a format that all but clones a genuine Amazon notification layout, and drives the focus of the potential victim towards a button to click that will let them supposedly check their account payment status. “The sender’s address has been spoofed to “Prime Notification” with the original address being a lesser-known domain that is not associated with Amazon,” Andaya said, but the urgency of the message is such that the attacker hopes the reader won’t spot this. A fake Amazon Prime security alert appears on the page that clicking that aforementioned button redirects to. Again, there are red flags such as the URL which is actually a Google Docs page and not an Amazon one. But, also again, the attackers hope that by asking for a security verification at this stage the victim might consider it legitimate and continue through to stage three. The Amazon Prime login page that, if completed, will steal your account credentials. Activating two-factor authentication would immediately put a stop to this nonsense right here by adding another layer of login security that such tactics could not bypass in this case. Andaya recommends that users also save the legitimate login page as a bookmark and only use that to when signing in so as to facilitate safe logins. If you’ve failed all the tests so far then you’ll arrive at step four in the Amazon Prime account hack process. The credentials update page which, rather suspiciously when you consider that logging in should take you to the Amazon home page, asks you to further secure your account by confirming everything from your mother’s maiden name, to date of birth and telephone number. “The phone number serves as a direct channel for communication,” Andaya warned, “especially when one-time passcodes or call verifications are required.” I have reached out to Amazon for a statement, but while researching a very similar story recently, a spokesperson told me: “Scammers that attempt to impersonate Amazon put consumers at risk. We will continue to invest in protecting consumers and educating the public on scam avoidance. We encourage consumers to report suspected scams to us so that we can protect their accounts and refer bad actors to law enforcement to help keep consumers safe. Please visit our help pages to find additional information onWhat We Know About Pentagon Cuts: Defense Department Announces Thousands Of Layoffs—Starting Next Week
Amazon Prime Scam Amazon Prime Hack Amazon Prime Security Amazon Hack Amazon Phishing Cofense How To Secure Your Amazon Account From Hackers Amazon Prime Hack Attack
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
New Google Chrome Security Warning For 3 Billion Users—Act NowGoogle has issued a high-severity security warning for billions of Chrome browser users across Windows, Mac, Linux and Android—don’t ignore it, act now to stay safe.
Read more »
Japan's Prime Minister Ishiba Focuses on Regional Security and US TiesJapan's Prime Minister Shigeru Ishiba, facing a precarious political situation, outlined his priorities for the year, emphasizing regional security and strengthening ties with the United States. Ishiba expressed concern about the shifting balance of power in the region and highlighted the need to deepen cooperation with Washington to prevent instability.
Read more »
If you use the Chrome Browser, you need to heed this security warning now!Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon.
Read more »
Gmail Security Warning For 2.5 Billion Users—AI Hack ConfirmedDescribed by one victim as the most sophisticated attack ever seen, all Gmail users are warned to take this hacking threat very seriously indeed.
Read more »
Democrats Rally Against DOGE, Warning of Social Security CutsDemocratic lawmakers are furious over Elon Musk's DOGE department and its push to cut federal spending, holding a rally outside the Social Security Administration (SSA) to protest potential cuts. They accuse DOGE of targeting essential programs and creating a climate of fear.
Read more »
Palo Alto Networks Simplifies Cybersecurity With Cortex CloudPalo Alto Networks launches new cybersecurity solution to unify cloud security, security operations and application security.
Read more »