Amazon Accountholders get Fresh Phishing E-mail

Amazon users are being targeted with phishing e-mails that while informing them that their accounts will be deactivated, aim at seizing their credentials, published softpedia in news dated November 5, 2011.

Displaying a subject line like "You have (1) message from Amazon," the spam mail directs the recipient that he should take down and complete one form given as an attachment so that he can keep utilizing his Amazon account.

Specifically, Sophos the security company says that the e-mail, addressing the recipient, tells him that his Amazon account will soon expire as well as will be shutdown. Subsequently, the e-mail requests the user to substantiate whether (wrongly written as 'wether') he wishes for continuing to utilize Amazon. Incase he does, he should take down a given form and fill it out, else overlook the message, the electronic mail concludes, according to Sophos.

Furthermore, Sophos discovered that the attachment in the e-mail was an HTML file containing a malware namely Troj/Phish-AZ, while the file led onto a page that asked for innumerable sensitive details capable of letting a hacker seize the user's account.

More precisely, when anyone opened the "NO003950033.html" attachment that led onto the online form containing Amazon's logo, he was asked to enter personal information like name, credit card number and address so his Amazon account became active again. These when completed and submitted, however, ended up getting loaded onto the distant online server of the phishers.

This way of consumers finding their Amazon accounts deactivated might result in especial hazards particularly during the current time of holiday shopping.

Remarking about this phishing scam, Graham Cluley, Senior Technology Consultant with Sophos stated that several PC-users might've gotten alert to phishing hazards, as also the knowledge of clicking web-links sent through spam mails that could lead onto fake sites.

Thus the expert, pointing out the indications evident in phishing e-mails said that legitimate e-mails hardly arrived, containing attachments particularly if they had HTML or .zip files. Moreover, there might be spelling mistakes in such e-mails, like in the case of "wether" instead of "whether," unlike the more legitimate company's electronic mail, he added.

Related article: Amazon’s Customers Latest Target for Phishers

» SPAMfighter News - 12/12/2011