Reputable and hardly suspicious – that’s how phishing emails, which have been circulating for several months and which allegedly come from Amazon, reach the mailboxes of many users. The reason for this is that those emails do not appear to be a cunning fraud but quite the opposite. They are so good in copying the design of a real Amazon email that they are hardly indistinguishable for end users. In addition, the cybercriminals use a personalized form of address in these phishing emails, which adds weight to the credibility of the email.
Example of such an Amazon phishing email (Click to enlarge image).
A phishing email personalized in this way is referred to as a “spear phishing attack”. These targeted attacks aim specifically at a single person or group of people. The behavior and personal data of target persons are spotted in advance in order to personalize the spear-phishing email the best possible way. Those fraud emails can only be identified through the sender address with which they were sent. These can, for example, be as follows:
- etis.15242209607102-1524220960gnure1524220960isila1524220960utka-1524220960ama@l1524220960iam1524220960
- ed.no1524220960zama@1524220960tiehr1524220960ehcis1524220960
- rh.no1524220960zama@1524220960ofni1524220960
- is.no1524220960zama@1524220960ofni1524220960
- ed.em1524220960oheni1524220960lno@e1524220960civre1524220960snedn1524220960uk1524220960
More detailed information about possible sender addresses, the structure of phishing emails and content can be found here.
What do the attackers want to achieve?
Referring in the email to the Federal Data Protection Act, the victims are requested to verify their data. By clicking on a link, they are redirected to a fake website that is almost indistinguishable from the real Amazon site. On closer inspection, only the URL used does not match that of Amazon.
On the fake sites, the people concerned should then disclose data of themselves. Otherwise the hackers threaten to block access to the account, as shown in the example above. This is, of course, a hollow statement. Anyone who responds to this request, however, transmits his data directly to the fraudsters. The cybercriminals use the obtained data to make purchases at the expense of the person concerned or to misuse them for other criminal activities.
Does Hornetsecurity Advanced Threat Protection detect fake emails?
Hornetsecurity Advanced Threat Protection is able to detect the new Amazon phishing emails as well as other targeted attacks. Safety mechanisms including Fraud Attempt Analysis, Identity Spooning Recognition and Intention Recognition can filter out threats of this kind. A loss of sensitive data can thus be prevented and Amazon phishing emails do not even get into the mailboxes of a company or employees.
Latest comments