Monday, 6 January 2014

"Unauthorized Activity on your Amazon account" phish

The New Year seems to have brought a new wave of phishing emails; here's a new one looking for Amazon credentials.

Date:      Mon, 6 Jan 2014 08:19:39 -0000 [03:19:39 EST]
From:      Amazon [noreply@trysensa.com]

Case- 91289-90990

Unauthorized Activity on your Amazon account.

We recently confirmed that you had unauthorized activity on your Amazon account.

Please be assured that because your card includes "zero-liability fraud protection" , you are not responsible for unauthorized use of your card.

Unfortunately, we have not confirmed your complete information , please follow the instructions below.

Click the link below to validate your account information using our secure server:

Click Here To Active Your Amazon Account

For your protection, you must verify this activity before you can continue using your account

Thank You.
Amazon LTD Security System

The link in the email goes to [donotclick]immedicenter.com/immedicenter/images/yootheme/menu/Amazon/index.php and comes up with a convincing-looking Amazon login page:


The next page phishes for even more information:


And now it goes after your credit card information:

And having stolen all your information, you get a nice message to say thank-you:

The hapless victim then gets sent to the genuine Amazon.com website.

In most email clients, hovering over the link would clearly show that it does not point to the legitimate amazon.com website, and certainly once visited (not something I would recommend) the address bar at the top of the browser would clearly indicate it is not amazon.com.
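The two giveaways in this message, a sender address and a link target that do not belong to amazon.com, can also be checked mechanically at a mail gateway or during triage. The following is an added example, not part of the original post; the `BRAND_DOMAINS` allowlist, the function names and the placeholder link host are assumptions, and it handles single-part HTML messages only.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> domains the brand really uses.
BRAND_DOMAINS = {"amazon": ("amazon.com", "amazon.co.uk")}

# Constructed sample: sender and wording follow the email above; link host is a placeholder.
SAMPLE = """\
From: Amazon <noreply@trysensa.com>
Subject: Unauthorized Activity on your Amazon account
Content-Type: text/html

<a href="http://compromised-site.example/images/menu/Amazon/index.php">Click Here To Active Your Amazon Account</a>
<a href="https://www.amazon.com/help">Help</a>
"""

def host_matches(host, domains):
    """True only for the domain itself or a real subdomain (not amazon.com.evil.example)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # display name does not claim this brand
        sender_host = addr.rpartition("@")[2].lower()
        if not host_matches(sender_host, domains):
            findings.append(("sender", sender_host))
        collector = LinkCollector()
        collector.feed(msg.get_payload())
        for href in collector.hrefs:
            host = urlsplit(href).hostname  # real host, even behind a user@ prefix
            if host and not host_matches(host, domains):
                findings.append(("link", host))
    return findings
```

Calling `check_message(SAMPLE)` reports the `trysensa.com` sender and the placeholder link host, while the genuine `www.amazon.com` link passes.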

If you have accidentally clicked through this email and provided all the details then you should contact your bank immediately and also change your Amazon password, plus the password at any other places where you use that same username/password combination.
