With over 100 million members, it’s surprising internet criminals haven’t targeted this ever-expanding group sooner. Amazon Prime members are now being targeted and cyber criminals are trying to trick them into handing over their account credentials, personal information, and financial details. The phishing emails purport to be notifications from Amazon informing the recipient that they need to update their information within twenty-four hours or their account will be permanently disabled.
When a victim clicks the “Update Now” button in the email, they’ll be taken to a convincing imitation of an Amazon login page. After the victim enters their credentials, the phishing page will present a form for them to input their name, address, phone number, and date of birth. Next, they’ll be asked to provide their credit card and bank account information.
Finally, the phishing site informs the victim that their account has been recovered and says they’ll be automatically logged out. The victim is then redirected to the real Amazon website.
The email has several red flags like typos and bad grammar, but even if the emails are perfect—which they often are these days—it is a bad idea to click on the link in the email. You should always go directly to Amazon using your web browser and see if your account has any notifications. Think Before You Click.
More information can be found on the KnowBe4 blog.