An email is being sent to users having the subject line ‘New Security feature’ and its sender appears to be Amazon.
In this email, the company informs the recipient that a new security feature has been added and therefore, the user has to click on the provided link to update account information.
The email also notifies the recipient that this update MUST be done within 24 hours.
Amazon ‘Order Details’ Email Delivers Malware
However, this email hasn’t been sent by Amazon but just another phishing scam that has been designed to acquire your personal details and financial information.Dear Amazon.com Customer.
Example:
Android Users Receiving Amazon Gift Card Text Message Contains Gazon Malware
When you click on the provided link, you are immediately redirected to a fake website that looks exactly like the original Amazon website. When you reach that fake site, you are asked to enter your Amazon account login details, that is, your email and password.
If you do as directed, another fake webpage appears asking for more information including personal details like name, address and contact number(s). Then, a third fake webpage appears where you will be requested to submit your credit card details. US residents are asked to enter their social security number as well.
In the end, you will automatically be taken to the original Amazon webpage and you will be thinking that you have successfully and timely conducted the mandatory account update.
Afterwards, cyber criminals who sent that fake email will store all your information and will hijack your Amazon account. This way, they will easily commit crimes like identity theft and credit card fraud.
Amazon never sends its users unsolicited emails demanding to update account information by clicking a link. Therefore, always sign-in to your Amazon account by entering the website address into your web browser’s address bar instead of following URLs provided in emails.
Amazon customers are often targeted by scammers. You can always report to Amazon about such phishing emails on the address present on the company’s website.
Report typos and corrections to [email protected]