You Didn’t Violate Amazon’s Policies But You Did Get Phished
Quick Answer
A common Amazon-themed phishing scam claims your account is locked for policy violations and asks you to click a 'Verify Now' link to log in. The email and the landing page both copy the Amazon logo and footer to look genuine, but the credentials you enter go to an attacker who then takes over the account and runs fraudulent purchases. Two simple defenses cut almost all of these: treat any inbound mail asking you to verify credentials as suspicious until proven otherwise, and run real-time phishing protection that keeps most of these emails out of the inbox in the first place and re-checks links at click time, so an accidental click on a malicious URL still gets blocked instead of completing the harvest.
If given a choice between violating Amazon’s policies and getting phished, I’d much rather tick off Amazon. But hackers think that you think differently, which is the motivation for their latest phishing scam.
From Hoax Slayer, “According to an email, which purports to be from Amazon, your account will be locked because of violated policies. Supposedly, you are required to click a link to login and verify your account. The email features the Amazon logo and seemingly legitimate footer information in an effort to make it seem genuine. However, the email is fraudulent and the claim that your account has been locked is false.”
The article goes on to say, “If you click on the ‘Verify Now’ link, a fake Amazon website will load in your browser. As with the email, the bogus site features the Amazon logo and other elements to make it appear genuine.”
From there, the bogus website attempts to harvest your credentials after which the crooks can take control of your Amazon account and make fraudulent purchases.
The bad news is that scams like this are very common with Amazon. The good news is that protecting yourself from them is very easy. First, you should always be suspicious of any email you receive asking you to verify your credentials. That’s always a dead giveaway of a phishing email. More importantly, there is inexpensive technology available to ensure you never have to worry about it.
Real-time phishing protection from DuoCircle protects you from scams like this two ways. First, it keeps most of these phishing emails out of your inbox so you never even see it. Second, and more importantly, if a phishing email gets through AND you accidentally click on a malicious link, DuoCircle phishing protection protects you from that too.
You should never be in a position where you have to choose between violating policies and getting phished. And you don’t have to with phishing protection from DuoCircle.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.