Fake Amazon Websites

One of the frequent types of scams is fake websites that superficially resemble the original service or store. Beware of “Amazonexal[.]com”, which claims to be a branch of Amazon and offers items at heavily discounted prices. However, it is a fraudulent website and a typical case of scammers imitating Amazon to deceive people.

Also, be wary of websites like “Lainedmn[.]com” that impersonate Amazon to appear legitimate. These sites can compromise your security, and you may not receive any products or services in return. To stay safe, it’s important to remember the following key points:

• Both websites are newly created.
• Both websites use content from amazon.com and the Amazon logo but they do not have any official affiliation with Amazon.
• The owners hide their identity in WHOIS. These sites do not provide directory information.
• None of the sites have reviews and feedback.
• None of the sites have a social media presence besides victims’ complaints online.
• Both websites offer ridiculous discounts that are communicated through hyperbolic language and pictures.

Fraud experts assert that in the past 30 days alone, 2,300 new website domains were registered to impersonate Amazon. This is just the beginning, and the higher the price, the more fake sites will be created.

Here the list of latest fake websites were used in the scam:

• Amazon-activity[.]com
• Amazonexal[.]com
• Amazon.com.billing-inquiry[.]com
• 123.456.789.123/amazon[.]com
• Lainedmn[.]com
• amazon-store[.]com
• Amazon.com.billing-inquiry[.]com
• Amazon-activity[.]com

Be cautious of fake Amazon websites. Legitimate sites have a dot before "amazon.com" (e.g., http://”something”.amazon.com). Amazon Pay website is https://pay.amazon.com/. Beware of links to IP addresses (e.g., http://123.456.789.123/amazon.com/).

Amazon Prime Day Scams

Prime Day will take place for two consecutive days this year. Readers may be eager for Prime Day deals, but beware of scammers seeking to profit. In a typical scam, customers receive an email asking them to verify their account, which leads them to a fake Amazon website to enter their personal information.

Experts say most phishing scams targeting Amazon customers rely on their lack of understanding of how the retailer communicates with individuals. Amazon’s Director of Worldwide Buyer Risk Prevention, Scott Knapp, has stated that company representatives are unlikely to contact shoppers directly and ask about order details.

How to recognize fake emails:

• Amazon e-mails related to UK purchases will always come from an address ending in @amazon.co.uk.
• If you purchased an item from another international Amazon site, the email address must include the country in which you purchased the item. (For example, @amazon.es for orders coming from Spain)
• Amazon will never ask for personal information or passwords by email or text message.
• The retail giant assures customers they will never request payment or offer unexpected refunds over the phone.

Fake Coupons and Promos

Be cautious of emails and ads offering discount codes for significant savings on Prime Day. While genuine Amazon promo codes can be found on trustworthy consumer guide websites, scammers may also take advantage of these deals.

Be cautious of ads and forum posts asking for personal info in exchange for coupons. They may seem harmless, but are actually attempts to collect emails for marketing. In return, you may receive expired or fake codes.

Once you give your email address to a third party, they may compile and sell email databases to marketing vendors. This could lead to your email being added to a list of cybercriminals used for email-based attacks.

How to report a scam

• If you have been scammed, report it to Amazon support through their official website or phone number.
• You should inform your bank as soon as possible. This increases their chances of stopping the fraudster.
• Finally, report the scammers to the platform through which they contacted you.
• If you’re concerned that your Amazon account may be at risk, the seller’s website has tips to help protect your information.

Tips for safe Prime Day shopping

We have some helpful tips to prevent falling victim to scams. It is better to follow them all rather than picking one separate, as there is no universal solution.

• Double-check domain names. If the website address does not start with “Amazon.com,” it could be fraudulent. This applies to other online retailers as well. Look for misspellings, extra punctuation, or anything unusual in the address.
• Stick to Amazon’s official website, app, and stores for purchases. Amazon never asks for payment over the phone/email or through third-party sites.
• It’s safer to enter retailer URLs manually rather than clicking on potentially harmful links. If you receive a suspicious message claiming that you ordered something, check your Amazon account’s “My Orders” section to confirm.
• It’s essential to use a strong password and enable two-factor authentication. Passwords should be extended, unique, and random. Avoid reusing passwords across multiple accounts.
• Treat limited-time Prime Day deals with caution. Offers requiring immediate purchase may be cybercriminal traps.

Scammers don’t take breaks, and with Prime Day around the corner, it’s essential to remain vigilant against fraud. The tips we’ve provided can help safeguard you against online scams.

The post Amazon Prime Day Scams and Fake Amazon Websites appeared first on Gridinsoft Blog.

How Do Amazon Scams Work?

Scam artists use deceptive methods such as social engineering to trick people into thinking they are being fooled by the Amazon scams they create. New scams are found every day, thanks to these fraudsters. They pretend to be actual representatives of Amazon to lure you with enticing offers you can’t refuse. They’ll ask for your credit card number, money, or purchase from them.

Common Amazon Scams

1. Unauthorized Purchase Scam

Cybercriminals can abuse a customer’s account by fraudulently requesting expensive merchandise they don’t intend to purchase. They’ll often do this by using a phishing email or phone call. Crooks can ask customers to reveal their credit card information during a phone call or visit a phishing website. If customers comply, cybercriminals can drain their bank accounts through the sale.

2. Fake Technical Support

Scammers are impersonating Amazon employees and contacting people claiming there’s a problem with their accounts or orders. This is to steal personal and financial information, take money from you or gain access to your computer. Messages are accepted via phone calls, emails, texts, and even Messenger (Facebook). Regardless of the method of communication, the ultimate goal is to obtain consumers’ personal and financial information. Scammers have successfully obtained social security numbers, sensitive banking information, driver’s license numbers, credit card information, tax IDs, and other personal information. Amazon states that the company will occasionally contact its customers, but the company “will never request personal information via email, text messages, or phone calls”. Additionally, Amazon will never request payment outside of the website and will never request remote access to your device.

3. Malicious Links with Amazon impersonation

This method of data theft relies on the victim believing an Amazon email scams or text message is from Amazon. They’re instructed to click a link or open a message to address a technical issue with their account. However, this site is completely controlled by crooks who send you spam messages. Wherever you click or whatever you type – it will end up on their screens. Since such sites usually ask for login credentials, banking information or similar personal data, it will be pretty dangerous to share it with less-than-trustworthy actors.

4. Gift Card Scam

Gift cards are only accepted for purchases on Amazon. They can’t be used for any other brands or retailers. They can’t use them for any legitimate sale or transaction outside of Amazon. Additionally, you can’t use gift cards from other brands or retailers to make a payment on Amazon. Redeeming a gift card to your account must be done on Amazon’s website. Only use gift cards for other retailers and brands in their respective locations. You can utilize gift cards that include a card network brand (e.g., Visa, MasterCard, American Express, or Discover) at stores that accept these cards. However, please don’t give them directly to an individual for payment. Do not provide gift card information (such as the claim code) to someone you don’t know or trust. Always verify the identity of anyone requesting gift card information.

5. Payment Scams

Con artists often convince you to pay for their products outside Amazon’s secure payment system. They’ll offer discounts or incentives if you pay via PayPal or Western Union. However, paying them in that way makes them free to cheat with your item. Because the payment was made outside of Amazon’s platform, the buyer protection mechanisms won’t be helpful in these circumstances. Additionally, merchants likely will delete an account after this event.

6. Prize Scam

This message appears as a notification to users that they have won a prize. However, to receive it, they must click on a link – that is apparently malignant. The website is controlled by scammers who will either steal your username and password or make you pay for a “prize” you’ll never receive. Crooks may also apply using a spoofed payment page, which means exposing your bank card details.

How To Identify An Amazon Scam

• Check the email thoroughly. It probably needs to be more accurate if it has grammatical errors, unclear terminology, or indications of machine translation.
• Examine the tone of the message. A clear indication of a scam is a sense of urgency or desperation. Depersonated appeals (“Dear user” instead of mentioning your username) may be another marker.
• Be cautious of emails you are not expecting. It is surprising to hear about the discount on an item you’ve never been interested in, ain’t it? Don’t be naive and review things through genuine websites.
• Request to pay in a different payment method. Circumventing the Amazon payment mechanisms breaks the User Agreement, so both yours and the merchant’s account can be banned. More commonly, such a trick is a way to make the refund impossible.

How to report scams to Amazon

If you receive unsolicited communication from anyone claiming to represent Amazon, report it immediately. The most effective way to write the scam is to report it through Amazon’s website:

• Log in to your Amazon account on the mobile app or official website.
• You can access Amazon’s official customer service site by visiting the following URL: Amazon’s Customer Service.
• Navigate to the "Help" menu options and select Security and Privacy > Report Something Suspicious.
• Choose from the options, depending on how you responded to the suspicious communication.
• Make your report include as much information as possible. Examine the letter to get the merchant’s name, address, and screenshots of the correspondence. Pics of your chat and its offers will work out as well.

How To Prevent Amazon Scams

• Never send money outside of the Amazon payment systems.
• Avoid clicking on suspicious links. Log into your Amazon account by visiting their page or using the official app to check something.
• Never divulge personal information or credentials to anyone who claims to be representing Amazon.
• Call Amazon to verify if you observe anything questionable or unsure about someone acting as their representative over the phone.

The post Top Amazon Scams to Avoid: Be Safe at Amazon appeared first on Gridinsoft Blog.

What are Amazon Phishing Emails?

Amazon phishing emails are, eventually, what it sounds like. Those are email messages that try to mimic genuine notifications. Scam actors are trying to copy the original style of both background and text to make them look trustworthy. In rare cases, they will even establish an email address that mimics ones that are typically used by the company.

But what for? Well, as the company operates in different sectors, the hackers’ interests may range from stealing your money to gathering your sensitive info. The style of their emails change correspondingly, so it is not that easy to describe all of the possible cases. Fortunately, there are a lineup of scam signs cybercriminals cannot get away from.

How to spot Amazon email phishing?

As I said, frauds try to copy the style of original messages. The methods are same for a wide range of similar impersonation scams. Though, all of them share similar details – let’s check each one out.

Suspicious topics.

Scammers will often send emails from Amazon saying that you have won a prize, expired payment details, or need to update your account information. These scam emails intended to dupe you into believing that you need to contact them back. Whenever you receive an email claiming this, it’s best to disregard it and report the incident to the company directly.

Unusual formatting, spelling, or grammar.

Amazon employs a team of writers to carefully compose their emails. So, any errors in grammar, spelling, or formatting should raise red flags. Additionally, people should be on the lookout for phishing attempts when looking for mistakes in their messages.

Emotional language.

Emails that threaten recipients with arrest or claim they’ve won a large sum of money are good indicators that a scammer is attempting to manipulate their emotions. People should always be wary of emails that say “act now” or “you won!”.

Unfamiliar email addresses.

Look at the sender’s address of any Amazon fraud emails to determine if the message is legitimate. They may look similar to genuine, if crooks are doing their best, but they still cannot use original addresses. It is better to check past messages from the company or review their site to see the real emails they use.

How to report an Amazon email scam?

You’re not alone if you’ve received a phishing email. Reporting Internet scams helps businesses prevent future attacks on you and others. While figuring out how to report cybercrime can be confusing, Amazon makes it easy. To report a phishing email to the company, go to the customer service page and follow the on-site instructions.

How to protect yourself from Amazon scam emails

It’s important to keep a close watch on any emails that land in your inbox from suspicious senders. Particularly be wary of any emails from people claiming to work for Amazon security — they may be fakes. Additionally, pay attention to any unusual or flagrant red flags. Although it’s always best to be cautious and proceed with caution when dealing with the security email from anyone’s Amazon account, these tips can help you even further.

Using anti-track software can help you detect unusual activity. This is because strong passwords and a good password manager can keep hackers out of your accounts.

1. Don’t call a phone number

In an Amazon phishing email, intruders sometimes attach the mobile phone number to which you need to call. But don’t do that until you’ve tested the legitimacy of this letter. It is not worth calling such numbers for the following reasons: for connections with which you can withdraw a significant amount from your account, intruders will recognize your number, and you will be subject to vishing. Instead, call Amazon Support and see if they have sent such a message to your email.

2. Don’t reply to emails

Make it a rule not to answer all the letters you get. Even the fact that you respond with a small word still matters. This way, you maintain that your email is active, after which scammers will send you even more Amazon phishing emails.

3. Don’t give out private information via email, phone, or text

When sharing personal information, always remember who it is shared with and for what purpose. Sophisticated Amazon spam that uses spear-phishing techniques can be particularly difficult to detect, so it’s best not to give anyone passwords, login credentials, or financial information over a phone call, text message, or email – even if the request appears legitimate.

4. Keep up with the news about the latest Amazon scam email

A recent Amazon phishing scam falsely alerted Amazon Prime customers to large purchases on their accounts. Amazon Prime email scam emails contain a fake “service number” that victims can call to resolve the issue. Once contacted, scammers attempt to obtain Prime account credentials.

Hackers are always coming up with new solutions to evade detection and deceive victims. Amazon email scams are no exception. Staying up to date will help you identify and defend against the latest threats.

The post Amazon Email Phishing: How to Protect Yourself? appeared first on Gridinsoft Blog.

Paige Thompson, 36, a resident of Seattle, who worked as an engineer in Amazon Web Services, has been charged with seven felonies. She has been found guilty of five cases of unauthorized access to protected systems, damaging a protected computer, and wire fraud. For fraud alone, she faces up to 20 years in jail.

US Attorney Nick Brown noted that Paige Thompson had used her hacking skills to steal the personal information of more than 100 million people and hack computer servers for cryptocurrency mining. She was nothing like an ethical hacker: her intrusions were never a tool for protection improvements, which they could be. She exploited vulnerabilities she knew about to collect sensitive data and use it for her beneficiation.

Thompson was arrested in July 2019 after Capital One made a complaint to the FBI about a hack. Ms. Thompson has created a tool to seek incorrectly configured Amazon Web Services accounts. She managed to obtain data of more than 30 clients of the service, among whom there was Capital One bank. Upon finding a victim, Thompson went on with theft of personal data and installation of coin-mining malware. As a result, she collected data from over 100 million US clients of Capital One. Thompson even boasted about it on Internet chats and forums.

The court scheduled sentencing for September 15. Thompson faces up to 20 years for fraud and up to ten years altogether for two other charges: damage to a protected computer and unauthorized access.

The post A Former Amazon Employee Charged for Digital Fraud. Sentencing in September appeared first on Gridinsoft Blog.

The patch can be used to escape the container and escalate privileges, allowing an attacker to take control of the underlying host.

Let me remind you that in December last year, shortly after cybersecurity researchers alarmed about problems in Apache Log4j, Amazon released emergency patches that fix bugs in various environments, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate. The purpose of hotpatches was to quickly fix vulnerabilities while system administrators transited their applications and services to a secure version of Log4j.

Let me also remind you that soon after the discovery of vulnerabilities, real attacks on the Log4Shell were recorded. Moreover, the experts also found out that the Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions.

However, as Palo Alto Networks has now found out, the patches were not very successful and could, among other things, lead to the capture of other containers and client applications on the host.

The experts showed a video demonstrating an attack on the supply chain with the malicious container image and usage of an earlier patch. Similarly, compromised containers can be used to “escape” and take over the underlying host. Palo Alto Networks decided not to share details about this exploit yet, so that attackers could not use it.

In the next step, elevated privileges could be used by a malicious java process to escape the container and take full control of the compromised server.

Users are advised to update to the corrected version of the hotpatch as soon as possible in order to prevent exploitation of related bugs.

The post Amazon Patch for Log4Shell allowed privilege escalation appeared first on Gridinsoft Blog.

For a successful attack on a Kindle, just one book with malicious code is enough.

The potential attack began by sending a malicious e-book to the user’s mail. After receiving such an attachment, the victim only had to open it, and this launched the exploit. No additional user permission or action was required.

Even worse, the discovered vulnerabilities allowed attackers to target a specific category of users. For example, to hack a specific group of people or demographic group, a hacker simply had to inject malicious code into a popular e-book in the corresponding language or dialect. As a result, attacks became highly targeted.

The root of the problem lay in the structure of the parsing framework, namely the implementation associated with PDF documents. The attacks were possible thanks to a heap overflow associated with the PDF rendering feature (CVE-2021-30354), which allowed arbitrary write permissions on the device, and a local privilege escalation vulnerability in the Kindle App Manager service (CVE-2021-30355), which allowed combine two vulnerabilities into a chain to run malicious code with root privileges.

The researchers reported their findings to Amazon in February 2021, and already the April update of the Kindle firmware to version 5.13.5 contained a patch (the firmware is automatically installed on devices connected to the network).

Let me remind you that Researcher Found Three Bugs Allowing Hacking Amazon Kindle also this February.

The post Vulnerabilities in Amazon Kindle Allowed Taking Full Control of the Device appeared first on Gridinsoft Blog.

The sharpest growth was noted in Europe, with North America and the Asia-Pacific region in second and third places respectively in the number of phishing campaigns. Most often (in 56% of cases) fraudsters sent letters on behalf of DHL. In second place is Amazon (37%), in third – FedEx (7%).

Back in early November, the US Centers for Disease Control and Prevention warned of the dangers of shopping malls during the holidays and recommended shopping online. As a result, the volume of online shopping in the country continues to break all records. In the first ten days of November, the holiday season, Americans spent $21.7 billion on online purchases, a 21% increase over last year. Shoppers will spend $38 billion over the 2020 Thanksgiving holiday weekend, nearly doubling the amount that was spent during the same period in 2019, according to DC360.

However, it’s not just stores that are preparing for the online shopping boom – the attackers are also mobilizing forces to earn on the holiday hype. Number of phishing attacks has doubled recently.

Now, in addition to fake discount offers and links to store sites, they are increasingly sending phishing emails on behalf of delivery services.

Unlike ordinary phishing emails, with the help of which scammers try to get personal data, information to enter the personal account of an online bank or card data, emails on behalf of delivery services contain various fake messages about problems or offers to track the package.

To solve a problem or in order to use the service, user must provide personal data or bank card details. It is no coincidence that scammers started sending out such letters in November, experts say, since this month many buyers of online stores are waiting for their purchases and more often pay attention to messages from delivery services. In addition, many users are already aware of the old methods of fraudulent sales, and traditional “bargains” no longer contribute to income of criminals.

Check Point Expert Tips for Safe Shopping:

• For different sites, use unique non-duplicate logins and passwords, go to the site not using a link from a letter that may turn out to be phishing, but open it through a search engine.
• Particular attention should be paid to the language and errors in letters and domain names: for example, attackers can use the .co extension instead of .com or make typos in the letter itself.

Let me remind you also that cybercriminals started using Google services more often in phishing campaigns.

The post Operators of phishing campaigns increased number of emails allegedly from delivery services appeared first on Gridinsoft Blog.

The problem was in CORS and XSS bugs, which affected several Amazon subdomains, and in configuration issues.

By exploiting these bugs, attackers could gain access to personal data (usernames, phone numbers, home addresses, voice history) and perform various actions on behalf of victims (for example, delete and install Alexa skills).

“It took just one click on a link, specially created by an attacker, to successfully exploit [the problems]”, — write the researchers.

For successful attack, the attacker needed only to create a malicious link that would direct the user to amazon.com and send it to the victim (by somehow forcing the user to click on it).

The researchers suggested using the vulnerable track.amazon.com for these purposes – this page is not associated with Alexa, but is used to track parcels from Amazon, and previously it could have been injected with malicious code.

Next, the attacker sent an Ajax-request with the user’s cookies received to amazon.com/app/secure/your-skills-page, which allowed him to get a list of the skills installed for this Alexa account.

The response to such a request also contained a CSRF token, which an attacker could use to remove one skill from the list. The attacker could then install his own malicious Alexa skill on the device in the same way. Replacing a remote skill with his own opened up many opportunities for the criminal, depending on the skills installed on the user’s device.

For example, it was possible to access the victim’s voice history, and then usernames, phone numbers, home addresses, banking data (Alexa does not record banking login credentials, but records other interactions).

“Smart speakers and virtual assistants seem so unremarkable that, at times, we lose sight of their role in managing a smart home, as well as how much personal data they store. For this reason, hackers view these applications as entry points into people’s lives, through which they can access personal data, eavesdrop on conversations and perform other malicious activities without the user’s knowledge”, — says Oded Vanunu, head of the vulnerabilities research department at Check Point Software Technologies.

Currently, Amazon engineers have already patched all discovered vulnerabilities. Additionally, company representatives stated that they were not aware of any use of these problems or disclosure of any information about customers.

We have already many times talked about vulnerabilities in IoT devices, for example, that Kr00k problem threatens devices with Qualcomm and MediaTek Wi-Fi chips. The Internet of Things is becoming a part of everyday life and it is full of new dangers.

The post Vulnerabilities in Amazon Alexa opened access to user data for outsiders appeared first on Gridinsoft Blog.

The malware established full control over infected devices, collected credentials, GPS from infected devices, made screen recordings, and so on.

At the same time, the malware carefully avoided infections in countries such as Ukraine, Belarus, Kyrgyzstan and Uzbekistan, Africa and the Middle East.

Mandrake has a three-stage structure, which allowed its operators to avoid detection by Google Play security mechanisms for a long time. It all started with a harmless dropper placed in the official application catalog and disguised as a legitimate application, such as a horoscope or cryptocurrency converter.

When such an application was downloaded on the victim’s device, the dropper downloaded the bootloader from the remote server. At the same time, the dropper himself was able to remotely turn on Wi-Fi, collect information about the device, hide its presence about the victim and automatically install new applications.

In turn, the bootloader was already responsible for direct downloading and installing Mandrake malware.

“The malware completely compromised the target device, gave itself administrator privileges (the request for rights was masked as a license agreement), after which it gained wide opportunities: forwarding all incoming SMS messages to the attackers’ server; sending messages; making calls; stealing information from the contact list; activating and tracking of the user’s location via GPS; stealing Facebook credentials and financial information and screen recording”, – report Bitdefender specialists.

Additionally, the malware carried out phishing attacks on Coinbase, Amazon, Gmail, Google Chrome, applications of various banks in Australia and Germany, the currency conversion service XE and PayPal.

Worse, Mandrake is able to reset the infected device to the factory settings in order to erase user data, as well as all traces of the malware’s activity. When the attackers received from the victim all the information they needed, Mandrake went into the “destruction mode” and erased himself from the device.

“We believe that the number of victims of Mandrake is tens or even hundreds of thousands, but we don’t know the exact number”, — writes Bitdefender expert Bogdan Botezatu.

The company’s researchers believe that for four years, all spyware attacks were coordinated by its operators manually and were not fully automated, as is usually the case. They also note that Mandrake was not spread by spam, and it seems that the attackers carefully selected all their victims.

Specialists were able to trace the Mandrake developer account on Google Play to a certain Russian-speaking freelancer hiding behind a network of fake company websites, stolen IDs and email addresses, as well as fake job ads in North America.

As for Friday, I remind you that For eight years, the Cereals botnet existed for only one purpose: it downloaded anime.

The post Mandrake malware was hiding on Google Play for more than four years appeared first on Gridinsoft Blog.