Wednesday, December 7, 2011

Cybercrooks Handing Out Amazon-Flavored Spam Like It’s Candy

AmazonMany of us will be knocking out our holiday gift lists with the help of Amazon, so we’re likely to receive a number of emails from the largest online retailer.

Knowing this, cybercriminals are hard at work pumping out spam posing as official emails from Amazon in hopes of stealing your personal information or infecting your PC with malware.

You have (1) Message from Amazon


If you receive an email saying you have a message from Amazon that your account is about to expire, don’t bother opening it.

The spam message reads:
Subject: You have (1) Message from Amazon
Dear customer,

Your online account is about to expire and will be deactivated.

Please confirm wether you want to continue using Amazon or not.

If the answer is yes, download and complete the attached form.

If the answer is no, please ignore this e-mail.

Best wishes,
Amazon Team

Note - Do not reply to this e-mail.

According to Sophos, cybercrooks are hoping that you open the file attached, named NO003950033.html, which is a web form that’s anything but shy of asking for all of your personal details, including your name, address, phone number, birthdate and credit card information.

Although the form claims that divulging this personal information will prevent your Amazon account from being deactivated, it’s actually guaranteeing that the criminal mastermind behind this scam will have the means to knock out their Christmas wishlist. All thanks to your [credit card information] giving nature.

You’ve received an Amazon gift card! […Not!]


Beyond committing identity fraud, another favorite pastime of cybercriminals is planting malware on the machines of unsuspecting users.

That’s why in addition to the bogus Amazon account deactivation emails, internet scammers are also sending out spam disguised as an alert from Amazon stating you’ve received an Amazon gift card:
Subject: Your gift card order
From: Amazon

Dear customer, Amazon notification, You have received a gift card in the amount of $250 An offer of the gift card is valid until December 7. Take a chance and use our gift card, and as a bonus we will deliver your order free of charge. Your Amazon

As Troy Gill of AppRiver pointed out, the amount on the alleged gift card may vary, but the dangers lurking in the attached zip file (Gift_Card.zip) remain the same.

Contrary to the file name, Gift_Card.zip doesn’t contain an Amazon gift card, but a Trojan horse that will open up a backdoor on your machine and download additional malware. Surprise!

Don’t be fooled by Amazon Spam


With all of these spam emails going around, how can you tell what’s real and what’s not?

Amazon was kind enough to create a page to help you identify whether an email is from them, stating:

  • Amazon doesn’t send unsolicited email attachments. (Feel free to forward “Amazon” emails with file attachments to stop-spoofing@amazon.com WITHOUT opening the attachment.)

  • Amazon will never ask you for your social security, credit card information, mother’s maiden name or Amazon.com password.

  • Amazon likes to proofread their emails before sending them, which is not a common practice for spammers.

  • Amazon will never ask you to verify account information through a link in an email.


Stay safe, folks!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment