Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.

As the holidays approach, cybercriminals will be pulling the usual stunts to take advantage of the season. That means we can expect scams that exploit retailers such as Amazon. A recent campaign spotted by email security provider Avanan spoofs Amazon with both a traditional phishing message and a voice call to try to steal credit card information.

In a report published Thursday, Avanan said that the initial phishing email looks like a typical Amazon order confirmation. However, the price of the alleged item listed in the email is high, which means the recipient is likely to call Amazon to verify or question the order. To further trick the user, the link contained in the email goes to the actual Amazon site.

However, the phone number displayed in the message is not an Amazon number. If the recipient calls that number, no one will answer. But after a few hours, someone will call back claiming to be from Amazon. That person will tell the user that a credit card number and CVV number are required to cancel the order. If the victim takes the bait, the cybercriminal now has…
