The email claims that there was suspicious activity on the account, and it urges the user to reset their login and credit card information within 24 hours, or the account will be deactivated. The email is formatted with Amazon’s logo, and it claims the email is from Customer Support. It even uses a layout and font style that simulates real Amazon emails.
If a user clicks the “Update Now” button in the email, they’ll be taken to a convincing imitation of an Amazon login page. After they enter their login credentials, the phishing page will display a form asking for their name, address, city, state, ZIP code, phone number and date of birth. Next, the user will be asked to provide their credit card and bank account information.
Once that information is entered, the phishing site informs the victim that their account has been recovered and says they’ll be automatically logged out. The victim is then redirected to the real Amazon website.
The email has several red flags, such as typos and bad grammar. But even when an email is flawless, as they often are these days, it is always a bad idea to click the link in it. Instead, go directly to Amazon in your web browser and check whether your account has any notifications.
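For teams that triage reported emails, the same rule can be checked mechanically: look at where the link really points, not at the branding. The Python below is an added example, not part of the original article. The trusted-domain list, the phrase list, the function names and the sample email with its .example URL are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the organization accepts as genuinely Amazon.
TRUSTED_DOMAINS = {"amazon.com"}
# Pressure wording of the kind the email described above relies on.
URGENCY_PHRASES = ("within 24 hours", "deactivated", "suspicious activity")


class LinkCollector(HTMLParser):
    """Collects every <a href> target and the visible text of the message."""

    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

    def handle_data(self, data):
        self.text.append(data)


def is_trusted_host(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Exact or dot-anchored suffix match; a substring test would accept lookalikes.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def review_email(html):
    """Return a list of findings for an email that presents itself as Amazon."""
    parser = LinkCollector()
    parser.feed(html)
    body = " ".join(" ".join(parser.text).lower().split())
    findings = [f"urgency wording: {p!r}" for p in URGENCY_PHRASES if p in body]
    for href in parser.hrefs:
        host = urlsplit(href).hostname  # ignores any user@ part before the host
        if not is_trusted_host(host):
            findings.append(f"link host is not Amazon: {host}")
    return findings


# Constructed sample; the article does not give the real phishing URL.
SAMPLE = """<p>We detected suspicious activity. Update your details within
24 hours or your account will be deactivated.</p>
<a href="http://amazon.com.account-check.example/signin">Update Now</a>"""
```

Calling review_email(SAMPLE) reports the three urgency phrases and the lookalike host, while a link to www.amazon.com produces no finding.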
Protect your organization with security awareness training
Phishing scams are on the rise. In fact, about 83% of organizations confirm that they were targeted by a phishing attack in 2018—a 7% increase from 2017. With these overwhelming statistics, it’s imperative for organizations to start focusing on how to better secure their business from cyberattacks.
At MainSpring, we recommend building up your last line of defense: your end users. The Automated Security Awareness Program (ASAP) offers new-school security awareness training that will teach your employees to recognize red flags before they fall victim to a phishing attack.