"Amazon-Themed Phishing Campaigns Swim Past Security Checks"

Researchers at Armorblox have discovered a pair of phishing campaigns with hackers trying to impersonate as Amazon.  One campaign is a credential-phishing attempt, and the adversaries act as if an Amazon delivery had failed.  The email comes from a third-party vendor email, which was domain-spoofed.  The email informs the victim that their order will be canceled if they do not update their payment details within three days.  The email includes a link to “update Amazon billing information.”  If the victim clicks on the link, it leads the victim to a full-fledged Amazon lookalike site with a phishing flow that aims to steal login credentials, billing address information, and credit card details.   Once the phish is complete, victims are redirected to the real Amazon home page.

Threatpost reports: "Amazon-Themed Phishing Campaigns Swim Past Security Checks"