CyberSecurityBoard
Sponsor Register Login

New Phishing Attack Targeting Amazon Prime Users To Steal Login Credentials

A sophisticated phishing campaign targeting Amazon Prime users has emerged, leveraging counterfeit renewal notifications to harvest login credentials, payment details, and personal verification data. Clicking the button redirects users to a fake Amazon security portal hosted on Google Docs, which requests account verification under the pretext of preventing unauthorized access. Researchers at Cofense noted that the campaign’s technical execution reveals advanced social engineering strategies, with threat actors exploiting Google Docs redirects and QR code-based payloads to bypass automated security filters. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This include the spoofed emails, fake security alerts, and fraudulent payment portals designed to mimic Amazon’s official interfaces. Unlike generic phishing sites, this campaign employs dynamic HTML injection to replicate Amazon’s multi-factor authentication (MFA) interface, including CSS stylesheets and JavaScript validation scripts. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Organizations should deploy email security solutions capable of detecting domain spoofing and inspect embedded links for redirect chains. This intermediate page primes victims for credential theft by mimicking Amazon’s security protocols. A subsequent page requests billing addresses, enabling threat actors to reroute physical mail or execute identity theft. Amazon has reiterated that legitimate communications will never direct users to third-party platforms like Google Docs. While the sender’s display name (“Prime Notification”) appears legitimate, the originating domain uses a lesser-known URL (hXXps[:]//docs[.]google[.]com/drawings/d/1rSqoqN1uTTbP4qnfKzx2ZbvSı), a critical red flag. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 26 Feb 2025 14:00:21 +0000


Cyber News related to New Phishing Attack Targeting Amazon Prime Users To Steal Login Credentials

Amazon Prime Video Ads 5 February - Adverts will start appearing for UK users of Amazon Video Prime on 5 February 2024, unless extra fee is paid. Amazon has confirmed that adverts will begin appearing for UK customers of the Amazon Prime Video service in early 2024. In an email to UK ...
1 year ago Silicon.co.uk
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Cisco Foundation Grantees prioritize Indigenous leadership to protect the Amazon Basin - This is the first of our three-part series on Cisco Foundation grantees working in the Amazon and South America region. This series will introduce you to eight Cisco Foundation Climate Impact & Regeneration grantees working to support preservation ...
1 year ago Feedpress.me
Master the Art of Data Security - As we step further into the digital age, the importance of data security becomes increasingly apparent. As with all data storage services, it's crucial to ensure that the data stored on Amazon S3 is secure, particularly when it's 'at rest'-that is, ...
1 year ago Feeds.dzone.com
New Phishing Attack Targeting Amazon Prime Users To Steal Login Credentials - A sophisticated phishing campaign targeting Amazon Prime users has emerged, leveraging counterfeit renewal notifications to harvest login credentials, payment details, and personal verification data. Clicking the button redirects users to a fake ...
1 week ago Cybersecuritynews.com
The Dark Side of Digital Reading: E-Books as Corporate Surveillance Tools - Americans are reading digital books at a rate of three out of ten. In a market where the majority of readers are subject to both Big Publishing's greed and those of Big Tech, it is no surprise that these readers are subject to both the greed of Big ...
1 year ago Cysecurity.news
ACM will no longer cross sign certificates with Starfield Class 2 starting August 2024 - AWS Certificate Manager is a managed service that you can use to provision, manage, and deploy public and private TLS certificates for use with Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. Starting ...
8 months ago Aws.amazon.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
11 months ago Cyberdefensemagazine.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
1 year ago Hackread.com
Amazon sues REKK fraud gang that stole millions in illicit refunds - Amazon's Customer Protection and Enforcement team has taken legal action against an underground store refund scheme that has resulted in the theft of millions of dollars worth of products from Amazon's online platforms. This lawsuit targets 20 ...
1 year ago Bleepingcomputer.com
Rundown of Security News from AWS re:Invent 2023 - Amazon Web Services has been unveiling a steady stream of announcements during its AWS re:Invent 2023 event in Las Vegas this week. The focus over the four days, as expected, is on AI as AWS strives to show that its offerings can match - or surpass - ...
1 year ago Darkreading.com
WordPress hosting service Kinsta targeted by Google phishing ads - WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials. Kinsta says the phishing attacks aim to steal login credentials for MyKinsta, a key service the company ...
1 year ago Bleepingcomputer.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
1 year ago Netcraft.com
Watch out for "I can't believe he is gone" Facebook phishing posts - This phishing attack is ongoing and widely spread on Facebook through friend's hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform. As the posts come from your friends' ...
1 year ago Bleepingcomputer.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
10 months ago Hackread.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
5 months ago Aws.amazon.com
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets - Infostealers infect computers, steal all of the credentials saved in the browser along with active session cookies and other data, then export it back to command and control infrastructure before, in some cases, self-terminating. This article will ...
1 year ago Bleepingcomputer.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
9 months ago Hackread.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
What to do when receiving unprompted MFA OTP codes - Receiving an unprompted one-time passcode sent as an email or text should be a cause for concern as it likely means your credentials have been stolen. One of the initial components of a cyberattack is the theft of legitimate credentials to corporate ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)