Amazon credential Phishing and Vishing attacks are on the move

July 24, 2020
amazon phishing vishing attacks

Amazon is an eCommerce company that currently has ‎US$14.541 billion in operating income in 2019. This eCommerce giant has been one of the go-to shopping platforms of people now more than ever because of lockdown implementation caused by COVID-19.

As many are ordering their stuff online as it’s safer than leaving the house excessively, Amazon has been a staple in people’s lives. Because of this, Cybercriminals were able to capitalize on this “new normal” situation and created several attacks that target Amazon customers.


Amazon Phishing Attack 

Based on the findings, the phishing email came from a legitimate third-party vendor but impersonates Amazon. The “Amazon” email is informing the victim that the delivery of their order has failed. Thus, they will need to update their payment information within 3 days; otherwise, the order will be canceled.

Here is the screenshot of the phishing email:

amazon phishing attack image 1


Once the “Update my billing” link is clicked, the victim will be led to a look-alike website with a phishing scheme where they will be asked to enter their login credentials, billing address, and credit card details.


amazon phishing attack image 2



amazon phishing attack image 3


After the phishing attack is successfully carried out, a “success” message will be shown on the screen. Users affected will be involuntarily redirected to the real Amazon Home page without ever noticing that they have been a victim.

The attack has been categorized as “Zero-day” as these are newly created domains and hasn’t been detected by anyone yet to be flagged as a suspicious domain. The fake Amazon domain used is – sttppcappr[.]com. As per the Fake email, the source email was named “Support Reply,” which doesn’t look suspicious at all.

Many can be fallen as victims in this attack as Cybercriminals use a sense of urgency as leverage in this attack and a flawless fake Amazon website.


The Vishing Attack

In this other scheme, attackers sent an email that pretends to be a legitimate email from Amazon denotes an order made. The email highlights a “Fraud Protection Team” contact information to be called just in case the order was not placed by the victim.


amazon phishing attack image 4


The vishing attack takes place once the target victim calls the “Fraud Protection Team,” – which then be assisted by a real person whose goal is to acquire personal information of the victim. This information consists of the Order number, Name, credit card details. Once this information was obtained, the phone number of the victim will be blocked.

As per the investigation, the email came from a Gmail account that impersonates Amazon.

The fake order in question involves a huge amount of money, as well as the sense of urgency involved, victims will likely fall into this trap.


Here at iZOOlogic, we do what we preach. As a value add, we campaign information and tips to large scale industries that are most vulnerable that are targeted by cybercriminals. We offer cybercrime solutions to these industries to help prevent and mitigate the effects of such fraudulent activities.

About the author

Leave a Reply