Fraudsters are sending out fake Amazon order emails and tricking online shoppers into calling a telephone number manned by them to steal the shoppers’ credit card details and other sensitive information.
The fake Amazon order emails
Armorblox has recently spotted two distinct email campaigns impersonating Amazon. Both are telling the targets about a bogus order they have supposedly placed with the shopping giant and both are directing recipients towards a phone number that does not belong to the company.
Both emails look contain Amazon branding and follow a structure similar to real order confirmation emails from Amazon but, if one knows where to look, there are many indications that the emails are fraudulent.
For example, the emails are sent from a Gmail address or one that looks like it “might” belong to Amazon (no-reply@amzeinfo[.]com) and the recipient is not addressed by their name (a piece of information Amazon would know).
The fraudsters have avoided including a malicious attachment or URL / link, which enabled them to bypass any detection controls that block known bad links, Armorblox researchers noted. They also made other choices that allowed them to slip past any deterministic filters or blocklists that check for brand names being impersonated (e.g., by writing AMAZ0N – with an zero instead of an “O”).
The actual Trojan horse in these emails is the proffered phone number that recipients are urged to call in order to place a return request or dispute the (bogus) order.
Beware of triggering emails
The researchers called both numbers. The first was answered by a real person that pretended to be from the Amazon team and asked them for the order number, name, and credit card details before cutting their call and blocking their number. Nobody answered when they called the second number and, after a while, the number seemed to have been taken down.
Unfortunately, a number being taken down is no great stumbling block for fraudsters, because they can quickly set up another one and send out emails with the new number.
With online shopping becoming the norm, fraudsters will continue targeting this global and immense pool of potential victims.
Users would do well to be extra careful when evaluating the legitimacy of unsolicited emails that leave them puzzled, worried, enraged, pique their curiosity or urge them to act quickly – in short, every email that triggers a strong emotion and tries to create a sense of urgency.
Needless to say, if you have learned not to open attachments and follow links from unsolicited emails, now is the time to learn that included phone numbers may also be malicious. If you’re worried that you might be billed for an order you did not make, go to the shop’s website and find the correct phone number yourself.