Amazon phishing attack claims your account is about to expire

Filed Under: Malware, Phishing, Spam

AmazonHave you received an email telling you that your Amazon.com account is about to expire? Does the message urge you to confirm "wether" (sic) you wish to continue to use the account or risk deactivation?

Well, hold up a minute. Because if you respond to the notification in haste, you could be repenting at leisure.

Cybercriminals have widely spammed out an attack via email, posing as Amazon, in an attempt to trick users into handing over their credentials.

Amazon phishing email

Subject: You have (1) Message from Amazon
Attached file: NO003950033.html

Message body:
Dear customer,

Your online account is about to expire and will be deactivated.

Please confirm wether you want to continue using Amazon or not.

If the answer is yes, download and complete the attached form.

If the answer is no, please ignore this e-mail.

Best wishes,
Amazon Team

Note - Do not reply to this e-mail.

Sophos products detect the attached file as Troj/Phish-AZ and intercept the message as spam.

If you made the mistake of opening the attachment, you would be faced with a web form which asks you for your credit card details, date of birth and so forth before uploading them to a remote web server.

Bogus Amazon form

Many computer users may have woken up to the dangers of phishing, and how if you click on a link in an unsolicited message you might be taken to a bogus website. But are they also clued-up enough to realise that opening any attached file might also be an attempt to lure them into handing over personal information?

Do your bit for your friends and family, and warn them of the dangers that lurk on the net and might be attempting to compromise them via their inbox.

, , ,

You might like

4 Responses to Amazon phishing attack claims your account is about to expire

  1. Jackie · 999 days ago

    I have received the same kind of email from YouTube. They are telling me my YouTube account will be deleted on December 10 if I don't link it to some Google account! I am afraid to link it because I don't know what they are talking about. But certainly don't want my YouTube account deleted if it is true. Don't know what to do.

    • Rick · 999 days ago

      Don't do it! I got the same letter. I checked my youtube account and it was just fine. Someone's trying to phish you!

  2. Roger · 999 days ago

    Just received this on my computer a couple of minutes ago. Didn't bother with it. Spotted it right away. In the trash bin and now in the ether. Thanks for the warning. Going to send it out to my buddies right away.

    Roger

    • I wll probably foward it to Amazon's security team with the FULL header. I always foward phishing emails to the appropriate company so they can take action against the scammers.

      That said, Amazon account NEVER expires (I think).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.