E-commerce sales have skyrocketed during the pandemic as people are looking to stock up on goods without going into a store. Amazon, of course, has been one of the biggest beneficiaries.
Hackers know this. And so they are targeting your Amazon account and payment information.
The Attack: Avanan researchers discovered two separate, but similar, attacks impersonating Amazon. Both attacks were stopped by Avanan, but passed by ATP scanners. Here's what one attack looked like:
And here's the second one:
Both are variations on the same theme, asking you to either enter your login credentials or update your billing information. Clicking on either link leads to a page that has you enter your valuable information that is then stolen by the hacker and used against you.
Why It Matters:
Brand impersonation is a rising threat vector. And it starts with big-name companies. According to one report, Google and Amazon are the most impersonated, each accounting for 13% of all incidents. But it also happens to smaller companies, too. It can vary from emails like the one above, or like in another attack we stopped that ATP missed, it can come in the form of a slick replica of the website of Ray-Ban, the sunglasses company:
Any brand that you use regularly is ripe for impersonation. Being extra careful when it comes to these sites is important.
Blocking them from reaching your inbox at all is even better.