AWS, Amazon Web Services Security Center Email Phishing


Picture about AWS, Amazon Web Services Security Center Email Phishing
AWS, Amazon Web Services Security Center Email Phishing

Story: 

Subject: AWS Security Center – Amazon Web Services

Dear Amazon Account Holder,

You have an Important message from the Amazon. Your Amazon account will be restricted if you do not view and respond.

Click the below link to view message.

< Link >

Yours Sincerely,

Amazon

Analysis:

Email messages purporting to come from AWS, Amazon Web Services Security Center ask the user to confirm, update or verify his Amazon account data by visiting the link embedded in the message. The message is a hoax, a Phishing scam in fact.

Users should note that Amazon will never send their users emails requesting them to give their personal details in this way. The anchor text of links in these email messages (Amazon.com here) make them appear as legitimate URLs, but users are advised not to be fooled like this. This email is a Phishing attempt, and clicking on these links will take you to a spoof website appearing like Amazon, where the details you enter will be captured by the scammers. Some versions of these phishing emails also come with attachments trying to install malicious software on your computer. So users are warned not to click any links or download attachments, these emails must simply be deleted. On their website, Amazon also warns about these Phishing and suspicious emails:

Reporting Phishing or Suspicious E-mails to Amazon

If you receive an email purporting to be from Amazon and you aren’t sure if it’s legitimate, it may be a phishing email. Phishing emails look like they come from a reputable source, but in reality they come from a malicious person trying to trick you into opening an attachment or clicking on a link.

Some phishing e-mails contain a link to a website that looks like Amazon.com, but is not our site. The website may ask you for your Amazon username and password or try to install unwanted software on your computer in an attempt to steal your personal information or access your computer. Other e-mails contain links that may redirect you to other potentially dangerous websites.

The email may also include attachments, which typically contain malware that will be installed on your computer. If you received a message like this, you should delete it without clicking any links or opening any attachments.

If you wish to report an e-mail purporting to be from Amazon that you believe is a forgery, you may do so here: Report suspect e-mails to Amazon. You may also forward phishing emails and other suspected forgeries directly to stop-spoofing@amazon.com.

Scammers like this generally use reputed website names for phishing and stealing important information from users, a similar one in the past targeted Facebook accounts. One way to identify the destination URL of a link is to hover over it and see the target URL pop up at the bottom of your browser. In case of shortened URLs, you can use web service like URL X-ray.

Hoax or Fact:

Hoax, and a Phishing scam.

References:

Reporting Phishing or Suspicious E-mails to Amazon


Like it? Share with your friends!

64
22 shares, 64 points

Comments 0

AWS, Amazon Web Services Security Center Email Phishing