This new attack vector disguises malicious links within seemingly legitimate Amazon gift card emails, creating a perfect social engineering trap that leverages both financial incentives and corporate trust. Upon clicking the “View My eGift Card” button or copying the provided URL, victims are directed to a convincing but fraudulent landing page designed to replicate Amazon’s gift card redemption interface. When analyzing the attack chain, the initial redirection leads victims to a site that requests their email address to “unlock” the gift card. The attack begins with victims receiving an email masquerading as a generous $200 Amazon e-gift card supposedly sent by their employer as a reward for outstanding performance. After submitting their email, victims are seamlessly redirected to a counterfeit Microsoft login page hosted at “sso.officefilecenter.com”, which perfectly mimics Microsoft’s authentication portal. The Cofense Phishing Defense Center documented how these emails bypass traditional email security gateways by mimicking legitimate reward notification systems. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The professionally designed email includes Amazon branding and emotionally manipulative language thanking the recipient for their contributions, creating a compelling reason to click through without suspicion. The domain “egift.activationshub.com” was registered mere days before the campaign launched, a common indicator of malicious intent. Cybercriminals have launched a sophisticated phishing campaign exploiting the popularity of digital gift cards to steal Microsoft credentials from unsuspecting users. Cofense researchers identified this campaign in early April 2025, noting its particular effectiveness in corporate environments where employees are accustomed to receiving recognition through digital means. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The only telltale sign is the domain name “officefilecenter.com,” which was registered less than a month before the campaign began. The attackers gather credentials in real-time, often using them immediately to access sensitive corporate information before victims realize they’ve been compromised. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Apr 2025 11:55:04 +0000