Amazon.com Hit by New Phishing Scheme
The latest wave of phishing scams, termed "man-in-the-middle attacks", has found its newest target in Amazon.com. In his Security Fix blog, Washington Post analyst Brian Krebs reported that hackers have developed a fake site designed to lure customers of the widely patronized online vendor into revealing their login info.
The volunteer website Castlecops.com, which is concerned with privacy and security matters, notified Krebs about this scam, which starts as an e-mail asking users to update their account information on the grounds that Amazon.com has detected some illegal dealings.
Krebs writes that this kind of hoax directs the user to log in to his or her account at Amazon.com and then shows the data that Amazon displays as soon as the user is logged in. People who enter false or otherwise erroneous usernames and passwords see a replica of the page Amazon users usually see when they mistype either of these entries. The scams are not very different from the one that struck Citibank in the summer. Experts say that they are especially grave since none of the parties is aware of what is taking place.
Russell Dean Vines, head and founder of The RDV Group, a New York-based security consulting services company, told SCMagazine.com that the man-in-the-middle exploitation is quite novel. He thinks that coming attacks will be more refined than this one and more difficult to tackle.
» SPAMfighter News - 12-01-2007