"Amazon Spoofed in New Attack"
Researchers at Avanan have discovered a new cyberattack that spoofs Amazon to steal victims' financial credentials. The digital deception combines brand impersonation with social engineering. The researchers first saw this scam in October 2021, and it is a two-part scam that begins with an email. The researchers stated that victims receive what looks like a typical Amazon order confirmation email containing links that all direct the user to the legitimate Amazon site. When trying to call the number listed, which is not an Amazon number, the scam begins, with the end goal of obtaining credit card information. Victims who dial the phone number will not receive an answer. However, a few hours later, they will get a call back from attackers based in India. To get the victims to call "Amazon," the attackers include high-price items on the fictitious emailed invoice. The researchers noted that this method of stealing financial details results not only in monetary gain for the hackers but serves as a form of phone number harvesting, enabling them to carry out further attacks by voicemail or text message.