Cybercriminal Groups Launch New Scams Designed to Capitalize on Shopping Fever Before Black friday and the holiday season, the researchers warned.
In a blog post, researchers at security firm Avanan described one such campaign, first launched last month, in which fraudsters spoofed Amazon’s order notification. e-mails.
The goal of these knockoff emails is to trick the victim into calling a fake customer service number, in which case the crooks attempt to trick the person into exposing their credit card information.
“When you call the number, at first, no one will answer. After a few hours, a recall will take place, ”explained Avanan. “The person on the other line will say that in order to cancel the bill, they will need a credit card number and a CVV.”
Amazon invoice scam
According to Avanan, crooks are able to bypass email security filters by including legitimate links in the body, which point to the real Amazon website. While some phishing scams use bogus landing pages to collect credentials, in this case the links provide a more reliable path to inboxes, while leaving the victim with a false sense of security.
In addition to the theft of payment details, the scam doubles as a form of collecting phone numbers, laying the groundwork for future voice and text messaging attacks.
“Once [attackers] get the phone number, they can carry out a series of attacks, whether by text message or over the phone, ”the researchers wrote. “One successful attack can lead to dozens more.”
And this is just a relatively simple example. Due to the global chip shortage and supply chain disruptions, shoppers are expected to make holiday shopping earlier than ever this year, which will likely spawn a series of scams aimed at capitalizing on the level of the market. demand.
To guard against these types of attacks, buyers are advised to query the sender’s email address and the body of the message for anomalies that may indicate a scam. Additionally, it is a good idea to avoid calling unknown numbers unless they are also on the retailer’s website, and to avoid downloading unsolicited attachments that may contain malware.
To protect your devices from attacks, in the meantime, check out our list of best antivirus services, better endpoint protection software and better protection against ransomware.