Amazon ranks as the fourth most frequented website in the United States and ranks eight in the world, according to the report released by Alexa. It is an understatement to say that it receives a lot of web traffic on a daily basis. Given the sheer number of internet users who visit this site, it very disturbing to know that there is a new phishing campaign that is pretending to be from Amazon.
Even though Amazon receives heavy traffic on a daily basis throughout the year, things become busier during the holidays when shoppers head over to the company’s website to purchase Christmas gifts for their loved ones. Scammers are well aware of all these and are eager to take advantage of unsuspecting customers, thus the launch of their newest campaign. IT support and Security firms like EdgeWave are on the look out for the campaign’s development.
Scammers are sending out sophisticated and well prepared emails that seem like it came from Amazon. It even comes with subject lines that are specifically made to attract the attention of online consumers like "Your Amazon Order (order number) or "Your Amazon Order (order number) has been shipped out.”
If you are like most online shoppers who bought something from the site, you will most likely open and read the email for more details. You will then be shown something that looks like a legitimate order confirmation, even though if you look at it closely, you will see that it does not include the specific details of the product you ordered.
Instead of the actual details of your order, scammers will instead provide you an “Order Details” located at the bottom part of the email, which will ask the user to click the button for more details. Unfortunately, when the user click on it, it triggers the download of a word document into the device of the user. In case the user opens the file, he or she will receive a message asking them to enable the content so that the message can be displayed properly.
What it actually does is to enable the macros, which are used by scammers and hackers to inject poisoned code into the PCs of their victims all over the world. According to EdgeWave, when the malicious document is opened, a file is downloaded called 'keyandsymbol.exe' and it comes with an embedded code that were linked to mergedboost.exe.
At this point, a lot of people know that they should not click links or even open files that might come from a legitimate source. It is important to be very careful. The latest campaign emphasizes how important it is to regularly educate and remind online shoppers about the most common and newly discovered online threats.