
New Phishing Scam Targets Amazon Prime Subscribers

 


A new cyber attack is putting Amazon Prime subscribers at risk. Hackers are sending malicious emails warning users that their Prime membership is about to expire. These emails contain attachments with dangerous links that redirect users to fake websites designed to steal personal and financial information. Security experts warn that this is the latest example of cybercriminals using PDFs for phishing scams, exploiting the trust people place in these file types.

How the Scam Works

Researchers from Palo Alto's Unit 42 have identified this new scam, which relies on deceptive emails that appear to be from Amazon. The emails claim that the user’s Prime membership is expiring soon, urging them to take immediate action. Attached to the email is a PDF file containing a link that redirects users through multiple sites before landing on a fake login page. This page is designed to capture the user’s credentials, including passwords and credit card information.

The phishing websites are meticulously crafted to resemble Amazon’s official login page, making it difficult for users to distinguish them from the real site. Since June 2024, attackers have registered over 1,000 fake domains that closely mimic Amazon’s official domain, further complicating detection.

This type of attack is particularly dangerous because it exploits the perception that PDF files are safe. Hackers use this trust to bypass email filters and deliver malicious content. Javvad Malik, a security advocate at KnowBe4, warns that opening unexpected email attachments is risky. Many users fail to verify the sender’s email address before clicking on links, making them easy targets for cybercriminals.

Dray Agha, senior security manager at Huntress, explains that phishing techniques are constantly evolving. Cybercriminals are now using redirection techniques within PDF files to evade traditional security measures, making even cautious users vulnerable to these scams.

How to Protect Yourself

While Amazon is actively working to shut down these fraudulent websites, new ones continue to emerge. To stay safe, experts recommend the following steps:

  1. Avoid Opening Unexpected Attachments: Even if the email appears to be from Amazon, verify its authenticity before clicking on any links or opening attachments.
  2. Verify the Sender’s Email Address: Scammers often use email addresses that resemble official ones but contain minor spelling errors or inconsistencies.
  3. Ignore Urgent Emails: Hackers use urgency to pressure users into acting without thinking. If you receive an email claiming your account is at risk, log in directly through Amazon’s official website to verify the information.
  4. Access Amazon Directly: Instead of clicking on links in emails, type www.amazon.com directly into your browser to check your account status.
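Steps 2 and 4 can be partly automated. The sketch below is an added example, not code from the article or from Amazon: it classifies a sender or link domain as official, lookalike, or unrelated relative to amazon.com. The sample addresses and URLs are constructed, and the digit-substitution table and the one-character typo threshold are assumptions.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL = "amazon.com"  # the domain the article says to type directly
BRAND = "amazon"
# Assumed digit-for-letter swaps, folded back to letters before comparing.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain):
    """Return 'official', 'lookalike' or 'unrelated' for a host name."""
    d = domain.lower().rstrip(".")
    if d == OFFICIAL or d.endswith("." + OFFICIAL):
        return "official"
    for label in d.split("."):
        folded = label.translate(FOLD)
        if BRAND in folded:  # brand embedded in a label of another domain
            return "lookalike"
        # One-character typos of the brand in any hyphen-separated token.
        if any(t and edit_distance(t, BRAND) <= 1 for t in re.split(r"[-_]", folded)):
            return "lookalike"
    return "unrelated"

def check_sender(from_header):
    """Classify the domain of the address in a From: header."""
    return classify_domain(parseaddr(from_header)[1].rpartition("@")[2])

def check_link(url):
    """Classify the host a link points at (first hop only)."""
    return classify_domain(urlparse(url).hostname or "")

if __name__ == "__main__":
    # Constructed samples; none are real indicators from the campaign.
    for sender in ["Amazon Prime <billing@amazom-renewal.example>",
                   "Amazon <no-reply@amazon.com>"]:
        print(check_sender(sender), sender)
    for url in ["https://amaz0n-prime.example/login",
                "https://amazon.com.account-check.example/", "https://www.amazon.com/"]:
        print(check_link(url), url)
```

Because the PDF links described above pass through several redirects, a first-hop host that looks unrelated says nothing about the final landing page, so a check like this complements rather than replaces going to the site directly.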

Amazon’s Response to the Threat

Amazon has acknowledged the scam and is actively working to take down fraudulent sites. The company encourages users to report suspicious emails or scams through its official support page. An Amazon spokesperson stated: “Scammers pretending to be Amazon put customers at risk. We urge customers to report suspicious emails to help protect accounts and take action against bad actors.”

Cybercriminals are constantly devising new ways to deceive users, but with awareness and caution, individuals can protect themselves from falling victim to these scams. By staying informed and following best practices, users can safeguard their personal and financial information from phishing attacks.

The new phishing scam targeting Amazon Prime subscribers highlights the evolving tactics of cybercriminals. By exploiting trusted file types like PDFs and creating convincing fake websites, attackers are able to bypass traditional security measures. Users must remain vigilant, verify the authenticity of emails, and avoid clicking on suspicious links. As Amazon continues to combat these fraudulent activities, awareness and proactive measures are key to staying safe in an increasingly complex digital landscape.

Amazon Faces Lawsuit for Deceptive Prime Practices

Amazon, the e-commerce giant known for its convenience and customer-centric approach, is currently under fire as it faces allegations of tricking Prime customers. The company, which boasts millions of loyal subscribers to its Prime membership program, is now being sued by the US Federal Trade Commission (FTC) for deceptive practices.

According to the FTC, Amazon employed a misleading strategy to encourage customers to sign up for a more expensive Prime subscription when their intention was simply to stream videos. The lawsuit alleges that the company took advantage of its customers' desire for a seamless streaming experience and misled them into paying for a Prime membership without their explicit consent.

The complaint filed by the FTC reveals that Amazon's tactics involved a series of deceptive prompts and clickable links during the video streaming sign-up process. These prompts led customers to believe they were accessing the content they desired, only to be redirected to a page where they were prompted to join Prime at a cost of $119 per year.

The lawsuit further claims that Amazon failed to adequately inform customers about the subscription charges and the automatic renewal policy associated with the Prime membership. Many users were reportedly unaware that they were being charged for the service until they noticed unexpected charges on their credit card statements.

The FTC's legal action follows an investigation prompted by numerous consumer complaints regarding Amazon's billing practices. The regulatory body seeks restitution for affected customers and an order prohibiting Amazon from engaging in similar deceptive practices in the future.

In response to the allegations, Amazon has defended its actions, stating that its practices were transparent and that customers were provided with clear information about the costs and benefits of Prime membership. The company believes that the FTC's claims are unfounded and intends to fight the lawsuit vigorously.

This lawsuit has significant implications for Amazon, as the Prime membership program is a cornerstone of the company's success. With Prime offering benefits such as free and expedited shipping, exclusive discounts, and access to a vast library of streaming content, it has attracted millions of subscribers worldwide. If found guilty, Amazon may face substantial financial penalties and be required to revise its practices to ensure greater transparency and customer consent.

The outcome of this legal battle will undoubtedly shape the future of Amazon's relationship with its Prime customers and may influence the broader e-commerce industry's approach to subscription-based services. In an era where consumer trust and transparency are paramount, companies must prioritize ethical practices and clear communication to foster long-term customer loyalty.

Leaked Amazon Prime Video Server Exposed Users' Viewing Habits

A database containing Amazon Prime Video users' viewing habits, which was stored on an internal Amazon server, was accidentally exposed online and could be accessed by anyone with a web browser.

Anurag Sen, a cyber-security researcher, discovered the database containing Amazon Prime viewing habits on an internal Amazon server that was accessible online. According to TechCrunch, the database was first detected as being exposed to the internet on September 30 by the search engine Shodan.

"But because the database was not protected with a password, the data within could be accessed by anyone with a web browser just by knowing its IP address," the report noted.

The database contained nearly 215 million viewing data entries, such as the name of the show or movie being streamed, the device on which it was streamed, and other internal data. The Amazon Prime Video database was eventually taken down from the Internet. According to an Amazon spokesperson, there was a "deployment error with a Prime Video analytics server."

"This problem has been resolved and no account information (including login or payment details) was exposed. This was not an AWS issue; AWS is secure by default and performed as designed," the spokesperson added.

'The Lord of the Rings: The Rings of Power' attracted more than 25 million global viewers on its first day, the largest debut in Prime Video history, and is closing in on 100 million viewers to date, according to the company's latest Q3 earnings call. It also kicked off Prime Video's inaugural season as the exclusive home of NFL Thursday Night Football with over 15 million viewers for its first game.