Amazon.com Hit by New Phishing Scheme

The latest flood of phishing scams termed as "man in the middle attacks" has found its latest target in Amazon.com. In his blog on Security Fix, Washington Post analyst Brian Krebs has reported that hackers have developed a fake site designed to lure customers of the widely patronized online vendor into revealing their login info.

The volunteer website Castlecops.com, which is concerned with privacy and security matters, notified Krebs about this scam, which starts as an e-mail communication requesting users to up date account information since some illegal dealings have been detected by Amazon.com.

Krebs writes that this kind of hoax guides the user to access his or her account at Amazon.com and then it shows the data that Amazon puts on display as soon as the user is logged in. People who give false or otherwise erroneous usernames and passwords will see a replica of the page Amazon users usually view in case they wrongly type in either one of these entries. The scams are not very different from the one that struck Citibank in the summer. Experts say that they are especially grave since none of the parties is aware of what is taking place.

Krebs goes on to say that the bait in this phishing onslaught is an e-mail that alerts the recipient about alleged improper activity on his or her Amazon account and advises that the account credentials be changed. Anyone who types in a legitimate Amazon username and password is told to furnish his or her date of birth, address and Social Security number.

Krebs reports that this phishing scheme, however, looks weak. The URL of the fake site was not done up to imitate the real Amazon site. Besides, the latest new anti-phishing tools contained in the most recent Internet Explorer and Firefox browsers seem to mark the bogus site as a phishing page.

Russell Dean Vines, head and founder of The RDV Group, a New York-based security consulting services company told SCMagazine.com that the man-in-the-middle exploitation is quite novel. He thinks that coming attacks will be more refined than this one. They will be more difficult to tackle.

Related article: Amazon’s Customers Latest Target for Phishers

» SPAMfighter News - 12-01-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next