This article has been created in order to explain to you what is the Amazon Phishing Scams and how you can remove them as well as all potentially unwanted programs delivered through them.
The Amazon Phishing Scams are a set of email phishing campaigns that attempt to manipulate that targets into interacting with malicious scripts. At the moment we do not have information about the perpetrators behind it. Our article gives an in-depth explanation of how it propagates and how victims can attempt to remove active infections.
|Name||Amazon Phishing Scams|
|Type||Phishing email scam|
|Short Description||The Amazon Phishing Scams is a recent example of the scam tactic that extorts the targets into interacting with a scam site.|
|Symptoms||Victims will receive email messages that contain the phishing instructions.|
|Distribution Method||Phishing emails.|
See If Your System Has Been Affected by malware
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Amazon Phishing Scams.|
Amazon Phishing Scams — July 2020 Disabled Account Message
July 2020 saw the sending out of several new Amazon-themed phishing campaigns. This is midst the COVID-19 crisis which has shifted many Internet users into relying much more on e Commerce sites such as Amazon. Due to their rise in popularity computer hackers are now sending out more and more email messages that contain spam and fake messages that are designed to look like official Amazon notifications. There have been three independent campaigns which include different signatures showing that separate hacking groups are behind them:
- Domain Spoofing Campaign — The first campaign lists email messages that are sent out by third-party vendors that appear to have been hijacked. A part of these messages may also be spoofed according to the security analysis. The posted in links contain legitimate and authentic links to vendors accounts which has allowed the messages to pass through the firewalls and virus scanners. The messages appear as order cancellation messages. A phishing button reading update Amazon billing information will lead to a login page that will request the credentials of the recipients.
- Amazon Delivery Order Phishing Campaign — The second email phishing campaign includes fake communications that appears to be sent by Amazon. This notification lists a phone number linking it to a team called Fraud Protection Team — the recipients will be lead to call the number. This will initiate a fake tech support phone scam which will use manipulate the users to give in their account data.
- Shipped Amazon Order Notification — Another email scam which has been capture by the hackers uses a Gmail inbox in order to impersonate Amazon. It includes dangerous links to fake login prompts.
Amazon Phishing Scams — March 2020 Disabled Account Message
In March 2020 a new ongoing Amazon phishing scam has been detected. This time the hackers are attempting to impersonate the online retailer. The scammers are sending in email phishing messages and site notifications which will lure in the victims into thinking that their accounts are to be closed. The manipulation will be based on a fake message that states that inactive accounts are to be removed by the company. The hackers will cite a non-existing terms and conditions clause. The users will be manipulated into opening a shortened link which will lead to a fake login page where user accounts will be hijacked. When the users enter in their data it will be automatically transmitted to the hackers.
According to the scam messages accounts which are to be disabled will lead to the following behavior:
- The user will not be able to purchase products from Amazon or partners
- The user will not be able to sell or advertise their products on Amazon
- The user will not be able to create or use another account in his name
- All product shipments will be canceled
Amazon Phishing Scams – Distribution Ways
Amazon phishing scams can be obtained from various sources. One of the most common ones are the use of email SPAM messages that are sent according to a list of target recipients. The emails will be designed to look like actual notifications sent by the company. This is done by using several techniques, among them the main one relies on the use of the same design and layout as the real Amazon notification messages. The hackers will hijack the design elements consisting of both images, background and content. In addition the criminals behind the ongoing attacks will use similar sounding domain names to Amazon or their services. Together with fake (or legitimate) security certificates the users may be manipulated into interacting with these pages. In some of the cases the users may be redirected to real or fake login pages.
Various Amazon phishing scams can also be delivered via infected payloads of which there are two popular types:
- Software Setup Files — The criminals can produce malicious installers of popular applications. Usual victims are software that are commonly installed by end users: creativity suites, productivity apps and system utilities. Whenever the installers are engaged during setup or when the process is complete the scam page will be produced — either in a browser, application frame or pop-up window.
- Malware Documents — Various infections, including those with phishing scams, can be caused by interacting with virus-infected documents. They can be of any of the popular types: rich text documents, spreadsheets, presentations and databases. Once they are opened by the victims a notification will be spawned asking the users to enable the built-in code. If this is done then the virus infections will be started.
In some occasions the scam messages can also be presented in the end of the malicious web browser plugins. They are usually made compatible with the most popular web browsers and are distributed both on the relevant repositories, as well as other sites, communities, chat rooms and etc. The relevant web browser plugins are uploaded with fake user and developer credentials featuring elaborate descriptions with promises of added functionality and performance enhancements. Once they are installed the built-in behavior code pattern will be started. Most of the dangerous strains will change the default options of the web browsers to redirect the users to a hacker-controlled page by changing the most freqently used settings — default home page, new tabs page and search engine. In this case this can various Amazon phishing scam pages.
Amazon Phishing Scams – In-Depth Overview
The Amazon Phishing scams can have various effects upon the victim machines. Their primary goal is to coerce the recipients into thinking that they have received a legitimate message from the e-commerce site or any of their services. Each attack campaign may be operated by a different hacker collective or individual criminal. Phishing scams are one of the most common Internet crimes that continue to be an effective way to trick computer users worldwide.
Interaction with them may lead to virus infections as they often contain malicious scripts or links to hacker-controlled sites. This is especially true when the criminals attach or send links to files. There are three primary types of data that are observed with such scam emails:
- Direct Virus Files —Actual virus files of different types can be attached to the email messages.
- Malicious Documents — The Amazon Phishing scams can serve as a conduit for documents containing malicious elements. They can be of any of the popular file types: presentations, spreadsheets, rich text documents and databases. Whenever they are opened a notification box will appear asking them to enable the built-in code. Whenever this is done the included payload will be deployed and started.
- Infected Software Installers — The email messages can include body contents that include setup files of ofen used applications. Examples include system utilities, productivity applications and creativity suites. Whenever they are installed the malicious payload will also be placed on the victim computer.
Another dangerous threat connected with Amazon phishing scams is that they can link the victim recipients into fake login pages. They are designed to fool them into thinking that they are entering their account credentials to the legitimate service. Instead their account credentials will automatically be hijacked and sent to the respective hacker operators.
Some of the phishing scams can also display intrusive ads taking various forms — pop-ups, banners and in-line links. In most cases they are sponsor-related and will pay the hacker operators a certain fee when a pre-agreed number of clicks are generated.
Another instance that relies heavily on scripts execution is the deployment of tracking cookies and/or a data collection module. They can both harvest sensitive data that can be categorized into two main groups:
- Personal Information — The tracking cookies and associated scripts can expose the identity of the users by looking for strings such as their name, address, phone number, interests, location and any stored username and password combinations.
- System Data — A report of the installed hardware components can be generated and sent to the hacker operators. Other data that can be part of this collection of information includes user settings and operating system values.
WARNING! In certain cases the scripts can also lead to Trojan infections — viruses that establish a secure connection to a hacker-controlled server. This allows the operators to spy on the users in real time, deploy various threats and take over control of the victim machines at any given time. This also allows them to hijack any file available on them. The other possibility is to deploy a ransomware virus which will encrypt target user data according to a built-in list of target file type extensions.
Amazon Phishing Scams — Amazon Email Gift Scam
A wave of phishing email messages have been reported to carry Amazon related scams. The victims will receive them with the subject line “Outline of our recent discussion”. They will explain the recipients that they have been chosen to receive a gift from Amazon. The explanation will be that this is after a giveaway which was completed shortly before the message has been sent. More information is to be disclosed when clicking on the page that also contains the redeem instructions. A long URL is presented in the email message and contains strings like “safe”, “protection” and “outlook” all of which refer to legitimate contents.
The recipients will be explained that they need to enter in their contact information in order to receive the gift. The redirect link will request a lot of personal information, including the account credentials from their Amazon profiles and possibly even payment card information.
Amazon Phishing Scams — Order Confirmation
This is an alternative order confirmation page phishing scam which is being distributed in targeted email campaigns against users worldwide. Using email redirects it can even land in the inbox of the users are not be registered as SPAM at all. Its body contents copies Amazon even in fine details which makes it very hard to differentiate between the scam messages and real notifications that are sent by the company. Some of the captured scam samples utilize personalized openings which shows that the hackers behind the attacks have obtained information on the victims. This can greatly increase the number of infected users.
There are several elements in the email messages that refer to order details and information:
- Estimated Delivery Date
- Shipping Method
- Payment Summary
If the criminals spoof the order details information then a very convincing phishing attack can be planned. The main link into which the victims are guided to (Order Details) will redirect the users to a fake login page.
Remove Amazon Phishing Scams — Amazon Please Respond Emails
Many computer users have received phishing email messages that imitate Amazon notifications. Instead of the legitimate domain of the online service the messages originate from an unknown address hosted on Hotmail which is surely a sign that it is fake.
The scam tactics will offer the recipients participation in a survey regarding a purchase with Amazon. They are promised a lucrative reward for providing the requested feedback. The message will quote details about the fake order by specifying an order ID, email delivery and estimated delivery. Such promises should be disregarded as soon as they are received, most online merchants do not engage in such promotions or offers.
The messages are easy to identify and categorize as scam by looking out for this section:
We are not affiliated nor partnered with Amazon. Amazon has not authorized, participated it, or in any way reviewed this advertisement or authorized it.
To be removed please Unsubscribe here or write to
PO box 971, Reno NV 89504
This is marketing email, 1401 Lavaca Street #107, Austin, TX 78701
From the body contents it is evident that the source of the message is a marketing agency that has harvested the credentials of the recipients. It is possible that the data has also been extracted from other sources such as browser hijackers, leaked databases or even tables with data from the underground markets.
Amazon Phishing Scams — Prime Membership
A newly published security report shows a new kind of Amazon phishing scam wherein the victims will receive an email message that will be masked as being sent by the company itself. Their body contents will be designed using the typical Amazon web elements. The recipient’s email address will be placed in the beginning with bold text which may confuse them into thinking that this is personalized. Amazon messages will use the person’s real name and other related elements and other information that are disclosed during user registration. However in some cases their email can be cross-linked to public records or databases obtained through the hacker underground markets.
The body contents of the messages will falsely display a notification that a Prime membership was purchased for a long period (6 or 12 months) and that they can cancel the automatic renewal by visiting a certain site.
If they click on the link the users will be redirected to a fake login page. If their account credentials are entered they will automatically be transferred to the hacker operators of the scam. As a result the hijacked information can be used for crimes like blackmail, identity abuse, financial theft and etc.
Amazon Phishing Scams — Amazon Order Confirmation Email
The victim users may receive email messages claiming to be from Amazon. In fact they are phishing attempts that utilize domain names that are not affiliated with the company. At the same time they use links and design layout which may be confused with the real company.
The message will read that the recipient’s Amazon account was used to buy a $250 Gift Card from a device that was not previously associated with the merchant. They are coerced to verify or block the transaction by clicking on a text link. This action will redirect the users to a fake login page which will request the account credentials of the quoted Amazon account.
Amazon Phishing Scams — Amazon Shopping Experience Reward
This scam strategy is a recent example of a phishing tactic that relies on sending out email messages that are designed to appear as being sent by Amazon. The emails are designed as being a shopper survey page that is non-personalized and appears to be sent by the company. It asks the users to rate their recent shopping experience by selecting one of the following options: very satisfied, satisfied, neutral, dissatisfied and very dissatisfied. When one of these options is selected the victims will be redirected to a phishing login page that will request their Amazon account credentials.
Some of the warning signs of a potential phishing email scam message are the following:
- The top-right screen will show “Amazon Shopper” instead of the customer’s real name as registered in the company’s records.
- The showing of a fake or randomly-generated account number that does not correlate with the real one assigned to the users.
- Promo survey links, if sent at all, will not lead to login pages.
- The company address and name will be to Amazon and not to other companies.
Amazon Phishing Scams — Order Notification
The malicious actors behind the Amazon phishing scams have developed another scam tactic which coerces the recipients into thinking that they have made an order with Amazon. Legitimate-looking images, overall layout and design elements are used with these messages which leads to a higher chance of infecting users.
The sent email messages will include a link allowing the users to verify their order, if it is interacted with it will cause a malicious activity. There are two popular cases which represent the majority of incidents:
- Link To Hacker-Controlled Page — Clicking on the link can redirect the victim users to a phishing login page which will request their Amazon account credentials.
- Malware Delivery — Clicking on the link may download a file or script that may be a virus or a payload delivery carrier. Interaction with it can lead to dangerous system infections.
Amazon Phishing Scams — Account Verification
Amazon phishing messages can also take the form of faux notifications that are sent in by the company’s “Assistance Center”. The recipients will receive emails that are designed using the usual layout that is expected to come from the company. The victims will be shown a message stating that their accounts will be locked. The reasons quoted are because the account is subject to policy violations. In order for this to be done the hackers instruct the recipients to login to their accounts and then click on a hyperlink where they will need to follow the instructions. There are several scenarios that can be used to lead to attacks:
- Fake Login Prompts — The hackers can present faux login prompts that will hijack the account credentials that are entered inside.
- Malware Redirect — The hyperlinks will lead to a malware site that can lead to other infections.
- Virus Downloads — The links may lead to viruses of all common types.
Amazon Phishing Scams — Fake Amazon AWS Notifications
A new phishing campaign takes advantage of the fact that the computer criminals behind it have the ability to manipulate the email recipients into believing that they are receiving notifications from the Amazon AWS service. This is the industry giant’s cloud hosting infrastructure which is particularly popular among both home users and big companies.
What’s particularly dangerous about them is that the emails are designed to look just like the original notifications that have been sent by the company. They will state that the accounts of recipients are suspended due to a lack of payment. In order to fix this issue the users are proposed to click on an embedded hyperlink.
This can lead to different consequences. The most common one is the presentation of a login prompt, if the users enter in their account information then it will be sent to the hackers immediately. Another strategy used by hacking groups is the direct opening of a payment page which will directly request payment card details. In some cases the hackers can also redirect the visitors to a malware page. It can distribute viruses, show intrusive ads and lead to other type of dangerous behavior.
Remove Amazon Phishing Scams from Windows and Your Browser
If you want to remove the Amazon Phishing Scams from your computer, we strongly suggest that you follow the removal instructions posted underneath this article. They have been created with the main idea In mind to help you delete this virus either manually or automatically. Be advised that according to experts the best way to try and remove the software that is causing the Amazon Phishing Scamsming pop-ups is to use an advanced anti-malware software. Such program is created with the idea in mind to fully scan your computer and try to eliminate any traces of unwanted programs while protecting your computer against future infections as well.
- Guide 1: How to Remove Amazon Phishing Scams from Windows.
- Guide 2: Get rid of Amazon Phishing Scams on Mac OS X.
- Guide 3: Remove Amazon Phishing Scams in Google Chrome.
- Guide 4: Erase Amazon Phishing Scams from Mozilla Firefox.
- Guide 5: Uninstall Amazon Phishing Scams from Microsoft Edge.
- Guide 6: Remove Amazon Phishing Scams from Safari.
- Guide 7: Eliminate Amazon Phishing Scams from Internet Explorer.
- Guide 8: Disable Amazon Phishing Scams Push Notifications in Your Browsers.
How to Remove Amazon Phishing Scams from Windows.
Step 1: Boot Your PC In Safe Mode to isolate and remove Amazon Phishing Scams
Step 2: Uninstall Amazon Phishing Scams and related software from Windows
Here is a method in few easy steps that should be able to uninstall most programs. No matter if you are using Windows 10, 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program are left behind, and that can lead to unstable work of your PC, errors with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it.
Step 3: Clean any registries, created by Amazon Phishing Scams on your computer.
The usually targeted registries of Windows machines are the following:
You can access them by opening the Windows registry editor and deleting any values, created by Amazon Phishing Scams there. This can happen by following the steps underneath:
Get rid of Amazon Phishing Scams from Mac OS X.
Step 1: Uninstall Amazon Phishing Scams and remove related files and objects
1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:
- Go to Finder.
- In the search bar type the name of the app that you want to remove.
- Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
- If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.
In case you cannot remove Amazon Phishing Scams via Step 1 above:
In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:
You can repeat the same procedure with the following other Library directories:
Tip: ~ is there on purpose, because it leads to more LaunchAgents.
Step 2: Scan for and remove Amazon Phishing Scams files from your Mac
When you are facing problems on your Mac as a result of unwanted scripts and programs such as Amazon Phishing Scams, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.
Remove Amazon Phishing Scams from Google Chrome.
Step 1: Start Google Chrome and open the drop menu
Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"
Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.
Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.
Erase Amazon Phishing Scams from Mozilla Firefox.
Step 1: Start Mozilla Firefox. Open the menu window
Step 2: Select the "Add-ons" icon from the menu.
Step 3: Select the unwanted extension and click "Remove"
Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.
Uninstall Amazon Phishing Scams from Microsoft Edge.
Step 1: Start Edge browser.
Step 2: Open the drop menu by clicking on the icon at the top right corner.
Step 3: From the drop menu select "Extensions".
Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.
Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.
Remove Amazon Phishing Scams from Safari.
Step 1: Start the Safari app.
Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.
Step 3: From the menu, click on "Preferences".
Step 4: After that, select the 'Extensions' Tab.
Step 5: Click once on the extension you want to remove.
Step 6: Click 'Uninstall'.
A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the Amazon Phishing Scams will be removed.
Eliminate Amazon Phishing Scams from Internet Explorer.
Step 1: Start Internet Explorer.
Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'
Step 3: In the 'Manage Add-ons' window.
Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.
Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.
Remove Push Notifications caused by Amazon Phishing Scams from Your Browsers.
Turn Off Push Notifications from Google Chrome
To disable any Push Notices from Google Chrome browser, please follow the steps below:
Step 1: Go to Settings in Chrome.
Step 2: In Settings, select “Advanced Settings”:
Step 3: Click “Content Settings”:
Step 4: Open “Notifications”:
Step 5: Click the three dots and choose Block, Edit or Remove options:
Remove Push Notifications on Firefox
Step 1: Go to Firefox Options.
Step 2: Go to “Settings”, type “notifications” in the search bar and click "Settings":
Step 3: Click “Remove” on any site you wish notifications gone and click “Save Changes”
Stop Push Notifications on Opera
Step 1: In Opera, press ALT+P to go to Settings
Step 2: In Setting search, type “Content” to go to Content Settings.
Step 3: Open Notifications:
Step 4: Do the same as you did with Google Chrome (explained below):
Eliminate Push Notifications on Safari
Step 1: Open Safari Preferences.
Step 2: Choose the domain from where you like push pop-ups gone and change to "Deny" from "Allow".