This article has been created in order to explain to you what is the Amazon Phishing Scams and how you can remove them as well as all potentially unwanted programs delivered through them.
The Amazon Phishing Scams are a set of email phishing campaigns that attempt to manipulate that targets into interacting with malicious scripts. At the moment we do not have information about the perpetrators behind it. Our article gives an in-depth explanation of how it propagates and how victims can attempt to remove active infections.
|Name||Amazon Phishing Scams|
|Type||Phishing email scam|
|Short Description||The Amazon Phishing Scams is a recent example of the scam tactic that extorts the targets into interacting with a scam site.|
|Symptoms||Victims will receive email messages that contain the phishing instructions.|
|Distribution Method||Phishing emails.|
See If Your System Has Been Affected by malware
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Amazon Phishing Scams.|
Amazon Phishing Scams — July 2020 Disabled Account Message
July 2020 saw the sending out of several new Amazon-themed phishing campaigns. This is midst the COVID-19 crisis which has shifted many Internet users into relying much more on e Commerce sites such as Amazon. Due to their rise in popularity computer hackers are now sending out more and more email messages that contain spam and fake messages that are designed to look like official Amazon notifications. There have been three independent campaigns which include different signatures showing that separate hacking groups are behind them:
- Domain Spoofing Campaign — The first campaign lists email messages that are sent out by third-party vendors that appear to have been hijacked. A part of these messages may also be spoofed according to the security analysis. The posted in links contain legitimate and authentic links to vendors accounts which has allowed the messages to pass through the firewalls and virus scanners. The messages appear as order cancellation messages. A phishing button reading update Amazon billing information will lead to a login page that will request the credentials of the recipients.
- Amazon Delivery Order Phishing Campaign — The second email phishing campaign includes fake communications that appears to be sent by Amazon. This notification lists a phone number linking it to a team called Fraud Protection Team — the recipients will be lead to call the number. This will initiate a fake tech support phone scam which will use manipulate the users to give in their account data.
- Shipped Amazon Order Notification — Another email scam which has been capture by the hackers uses a Gmail inbox in order to impersonate Amazon. It includes dangerous links to fake login prompts.
Amazon Phishing Scams — March 2020 Disabled Account Message
In March 2020 a new ongoing Amazon phishing scam has been detected. This time the hackers are attempting to impersonate the online retailer. The scammers are sending in email phishing messages and site notifications which will lure in the victims into thinking that their accounts are to be closed. The manipulation will be based on a fake message that states that inactive accounts are to be removed by the company. The hackers will cite a non-existing terms and conditions clause. The users will be manipulated into opening a shortened link which will lead to a fake login page where user accounts will be hijacked. When the users enter in their data it will be automatically transmitted to the hackers.
According to the scam messages accounts which are to be disabled will lead to the following behavior:
- The user will not be able to purchase products from Amazon or partners
- The user will not be able to sell or advertise their products on Amazon
- The user will not be able to create or use another account in his name
- All product shipments will be canceled
Amazon Phishing Scams – Distribution Ways
Amazon phishing scams can be obtained from various sources. One of the most common ones are the use of email SPAM messages that are sent according to a list of target recipients. The emails will be designed to look like actual notifications sent by the company. This is done by using several techniques, among them the main one relies on the use of the same design and layout as the real Amazon notification messages. The hackers will hijack the design elements consisting of both images, background and content. In addition the criminals behind the ongoing attacks will use similar sounding domain names to Amazon or their services. Together with fake (or legitimate) security certificates the users may be manipulated into interacting with these pages. In some of the cases the users may be redirected to real or fake login pages.
Various Amazon phishing scams can also be delivered via infected payloads of which there are two popular types:
- Software Setup Files — The criminals can produce malicious installers of popular applications. Usual victims are software that are commonly installed by end users: creativity suites, productivity apps and system utilities. Whenever the installers are engaged during setup or when the process is complete the scam page will be produced — either in a browser, application frame or pop-up window.
- Malware Documents — Various infections, including those with phishing scams, can be caused by interacting with virus-infected documents. They can be of any of the popular types: rich text documents, spreadsheets, presentations and databases. Once they are opened by the victims a notification will be spawned asking the users to enable the built-in code. If this is done then the virus infections will be started.
In some occasions the scam messages can also be presented in the end of the malicious web browser plugins. They are usually made compatible with the most popular web browsers and are distributed both on the relevant repositories, as well as other sites, communities, chat rooms and etc. The relevant web browser plugins are uploaded with fake user and developer credentials featuring elaborate descriptions with promises of added functionality and performance enhancements. Once they are installed the built-in behavior code pattern will be started. Most of the dangerous strains will change the default options of the web browsers to redirect the users to a hacker-controlled page by changing the most freqently used settings — default home page, new tabs page and search engine. In this case this can various Amazon phishing scam pages.
Amazon Phishing Scams – In-Depth Overview
The Amazon Phishing scams can have various effects upon the victim machines. Their primary goal is to coerce the recipients into thinking that they have received a legitimate message from the e-commerce site or any of their services. Each attack campaign may be operated by a different hacker collective or individual criminal. Phishing scams are one of the most common Internet crimes that continue to be an effective way to trick computer users worldwide.
Interaction with them may lead to virus infections as they often contain malicious scripts or links to hacker-controlled sites. This is especially true when the criminals attach or send links to files. There are three primary types of data that are observed with such scam emails:
- Direct Virus Files —Actual virus files of different types can be attached to the email messages.
- Malicious Documents — The Amazon Phishing scams can serve as a conduit for documents containing malicious elements. They can be of any of the popular file types: presentations, spreadsheets, rich text documents and databases. Whenever they are opened a notification box will appear asking them to enable the built-in code. Whenever this is done the included payload will be deployed and started.
- Infected Software Installers — The email messages can include body contents that include setup files of ofen used applications. Examples include system utilities, productivity applications and creativity suites. Whenever they are installed the malicious payload will also be placed on the victim computer.
Another dangerous threat connected with Amazon phishing scams is that they can link the victim recipients into fake login pages. They are designed to fool them into thinking that they are entering their account credentials to the legitimate service. Instead their account credentials will automatically be hijacked and sent to the respective hacker operators.
Some of the phishing scams can also display intrusive ads taking various forms — pop-ups, banners and in-line links. In most cases they are sponsor-related and will pay the hacker operators a certain fee when a pre-agreed number of clicks are generated.
Another instance that relies heavily on scripts execution is the deployment of tracking cookies and/or a data collection module. They can both harvest sensitive data that can be categorized into two main groups:
- Personal Information — The tracking cookies and associated scripts can expose the identity of the users by looking for strings such as their name, address, phone number, interests, location and any stored username and password combinations.
- System Data — A report of the installed hardware components can be generated and sent to the hacker operators. Other data that can be part of this collection of information includes user settings and operating system values.
WARNING! In certain cases the scripts can also lead to Trojan infections — viruses that establish a secure connection to a hacker-controlled server. This allows the operators to spy on the users in real time, deploy various threats and take over control of the victim machines at any given time. This also allows them to hijack any file available on them. The other possibility is to deploy a ransomware virus which will encrypt target user data according to a built-in list of target file type extensions.
Amazon Phishing Scams — Amazon Email Gift Scam
A wave of phishing email messages have been reported to carry Amazon related scams. The victims will receive them with the subject line “Outline of our recent discussion”. They will explain the recipients that they have been chosen to receive a gift from Amazon. The explanation will be that this is after a giveaway which was completed shortly before the message has been sent. More information is to be disclosed when clicking on the page that also contains the redeem instructions. A long URL is presented in the email message and contains strings like “safe”, “protection” and “outlook” all of which refer to legitimate contents.
The recipients will be explained that they need to enter in their contact information in order to receive the gift. The redirect link will request a lot of personal information, including the account credentials from their Amazon profiles and possibly even payment card information.
Amazon Phishing Scams — Order Confirmation
This is an alternative order confirmation page phishing scam which is being distributed in targeted email campaigns against users worldwide. Using email redirects it can even land in the inbox of the users are not be registered as SPAM at all. Its body contents copies Amazon even in fine details which makes it very hard to differentiate between the scam messages and real notifications that are sent by the company. Some of the captured scam samples utilize personalized openings which shows that the hackers behind the attacks have obtained information on the victims. This can greatly increase the number of infected users.
There are several elements in the email messages that refer to order details and information:
- Estimated Delivery Date
- Shipping Method
- Payment Summary
If the criminals spoof the order details information then a very convincing phishing attack can be planned. The main link into which the victims are guided to (Order Details) will redirect the users to a fake login page.
Remove Amazon Phishing Scams — Amazon Please Respond Emails
Many computer users have received phishing email messages that imitate Amazon notifications. Instead of the legitimate domain of the online service the messages originate from an unknown address hosted on Hotmail which is surely a sign that it is fake.
The scam tactics will offer the recipients participation in a survey regarding a purchase with Amazon. They are promised a lucrative reward for providing the requested feedback. The message will quote details about the fake order by specifying an order ID, email delivery and estimated delivery. Such promises should be disregarded as soon as they are received, most online merchants do not engage in such promotions or offers.
The messages are easy to identify and categorize as scam by looking out for this section:
We are not affiliated nor partnered with Amazon. Amazon has not authorized, participated it, or in any way reviewed this advertisement or authorized it.
To be removed please Unsubscribe here or write to
PO box 971, Reno NV 89504
This is marketing email, 1401 Lavaca Street #107, Austin, TX 78701
From the body contents it is evident that the source of the message is a marketing agency that has harvested the credentials of the recipients. It is possible that the data has also been extracted from other sources such as browser hijackers, leaked databases or even tables with data from the underground markets.
Amazon Phishing Scams — Prime Membership
A newly published security report shows a new kind of Amazon phishing scam wherein the victims will receive an email message that will be masked as being sent by the company itself. Their body contents will be designed using the typical Amazon web elements. The recipient’s email address will be placed in the beginning with bold text which may confuse them into thinking that this is personalized. Amazon messages will use the person’s real name and other related elements and other information that are disclosed during user registration. However in some cases their email can be cross-linked to public records or databases obtained through the hacker underground markets.
The body contents of the messages will falsely display a notification that a Prime membership was purchased for a long period (6 or 12 months) and that they can cancel the automatic renewal by visiting a certain site.
If they click on the link the users will be redirected to a fake login page. If their account credentials are entered they will automatically be transferred to the hacker operators of the scam. As a result the hijacked information can be used for crimes like blackmail, identity abuse, financial theft and etc.
Amazon Phishing Scams — Amazon Order Confirmation Email
The victim users may receive email messages claiming to be from Amazon. In fact they are phishing attempts that utilize domain names that are not affiliated with the company. At the same time they use links and design layout which may be confused with the real company.
The message will read that the recipient’s Amazon account was used to buy a $250 Gift Card from a device that was not previously associated with the merchant. They are coerced to verify or block the transaction by clicking on a text link. This action will redirect the users to a fake login page which will request the account credentials of the quoted Amazon account.
Amazon Phishing Scams — Amazon Shopping Experience Reward
This scam strategy is a recent example of a phishing tactic that relies on sending out email messages that are designed to appear as being sent by Amazon. The emails are designed as being a shopper survey page that is non-personalized and appears to be sent by the company. It asks the users to rate their recent shopping experience by selecting one of the following options: very satisfied, satisfied, neutral, dissatisfied and very dissatisfied. When one of these options is selected the victims will be redirected to a phishing login page that will request their Amazon account credentials.
Some of the warning signs of a potential phishing email scam message are the following:
- The top-right screen will show “Amazon Shopper” instead of the customer’s real name as registered in the company’s records.
- The showing of a fake or randomly-generated account number that does not correlate with the real one assigned to the users.
- Promo survey links, if sent at all, will not lead to login pages.
- The company address and name will be to Amazon and not to other companies.
Amazon Phishing Scams — Order Notification
The malicious actors behind the Amazon phishing scams have developed another scam tactic which coerces the recipients into thinking that they have made an order with Amazon. Legitimate-looking images, overall layout and design elements are used with these messages which leads to a higher chance of infecting users.
The sent email messages will include a link allowing the users to verify their order, if it is interacted with it will cause a malicious activity. There are two popular cases which represent the majority of incidents:
- Link To Hacker-Controlled Page — Clicking on the link can redirect the victim users to a phishing login page which will request their Amazon account credentials.
- Malware Delivery — Clicking on the link may download a file or script that may be a virus or a payload delivery carrier. Interaction with it can lead to dangerous system infections.
Amazon Phishing Scams — Account Verification
Amazon phishing messages can also take the form of faux notifications that are sent in by the company’s “Assistance Center”. The recipients will receive emails that are designed using the usual layout that is expected to come from the company. The victims will be shown a message stating that their accounts will be locked. The reasons quoted are because the account is subject to policy violations. In order for this to be done the hackers instruct the recipients to login to their accounts and then click on a hyperlink where they will need to follow the instructions. There are several scenarios that can be used to lead to attacks:
- Fake Login Prompts — The hackers can present faux login prompts that will hijack the account credentials that are entered inside.
- Malware Redirect — The hyperlinks will lead to a malware site that can lead to other infections.
- Virus Downloads — The links may lead to viruses of all common types.
Amazon Phishing Scams — Fake Amazon AWS Notifications
A new phishing campaign takes advantage of the fact that the computer criminals behind it have the ability to manipulate the email recipients into believing that they are receiving notifications from the Amazon AWS service. This is the industry giant’s cloud hosting infrastructure which is particularly popular among both home users and big companies.
What’s particularly dangerous about them is that the emails are designed to look just like the original notifications that have been sent by the company. They will state that the accounts of recipients are suspended due to a lack of payment. In order to fix this issue the users are proposed to click on an embedded hyperlink.
This can lead to different consequences. The most common one is the presentation of a login prompt, if the users enter in their account information then it will be sent to the hackers immediately. Another strategy used by hacking groups is the direct opening of a payment page which will directly request payment card details. In some cases the hackers can also redirect the visitors to a malware page. It can distribute viruses, show intrusive ads and lead to other type of dangerous behavior.
Remove Amazon Phishing Scams from Windows and Your Browser
If you want to remove the Amazon Phishing Scams from your computer, we strongly suggest that you follow the removal instructions posted underneath this article. They have been created with the main idea In mind to help you delete this virus either manually or automatically. Be advised that according to experts the best way to try and remove the software that is causing the Amazon Phishing Scamsming pop-ups is to use an advanced anti-malware software. Such program is created with the idea in mind to fully scan your computer and try to eliminate any traces of unwanted programs while protecting your computer against future infections as well.
Amazon Phishing Scams-FAQ
What Is Amazon Phishing Scams?
The Amazon Phishing Scams threat is adware or browser redirect virus.
It may slow your computer down significantly and display advertisements. The main idea is for your information to likely get stolen or more ads to appear on your device.
The creators of such unwanted apps work with pay-per-click schemes to get your computer to visit risky or different types of websites that may generate them funds. This is why they do not even care what types of websites show up on the ads. This makes their unwanted software indirectly risky for your OS.
What Are the Symptoms of Amazon Phishing Scams?
There are several symptoms to look for when this particular threat and also unwanted apps in general are active:
Symptom #1: Your computer may become slow and have poor performance in general.
Symptom #2: You have toolbars, add-ons or extensions on your web browsers that you don't remember adding.
Symptom #3: You see all types of ads, like ad-supported search results, pop-ups and redirects to randomly appear.
Symptom #4: You see installed apps on your Mac running automatically and you do not remember installing them.
Symptom #5: You see suspicious processes running in your Task Manager.
If you see one or more of those symptoms, then security experts recommend that you check your computer for viruses.
What Types of Unwanted Programs Are There?
According to most malware researchers and cyber-security experts, the threats that can currently affect your Mac can be the following types:
- Rogue Antivirus programs.
- Browser hijackers.
- Fake optimizers.
What to Do If I Have a "virus" like Amazon Phishing Scams?
With few simple actions. First and foremost, it is imperative that you follow these steps:
Step 1: Find a safe computer and connect it to another network, not the one that your Mac was infected in.
Step 2: Change all of your passwords, starting from your email passwords.
Step 3: Enable two-factor authentication for protection of your important accounts.
Step 4: Call your bank to change your credit card details (secret code, etc.) if you have saved your credit card for online shopping or have done online activities with your card.
Step 5: Make sure to call your ISP (Internet provider or carrier) and ask them to change your IP address.
Step 6: Change your Wi-Fi password.
Step 7: (Optional): Make sure to scan all of the devices connected to your network for viruses and repeat these steps for them if they are affected.
Step 8: Install anti-malware software with real-time protection on every device you have.
Step 9: Try not to download software from sites you know nothing about and stay away from low-reputation websites in general.
If you follow these recommendations, your network and all devices will become significantly more secure against any threats or information invasive software and be virus free and protected in the future too.
How Does Amazon Phishing Scams Work?
Once installed, Amazon Phishing Scams can collect data about your web browsing habits, such as the websites you visit and the search terms you use. This data is then used to target you with ads or to sell your information to third parties.
Amazon Phishing Scams can also download other malicious software onto your computer, such as viruses and spyware, which can be used to steal your personal information and show risky ads, that may redirect to virus sites or scams.
Is Amazon Phishing Scams Malware?
The truth is that PUPs (adware, browser hijackers) are not viruses, but may be just as dangerous since they may show you and redirect you to malware websites and scam pages.
Many security experts classify potentially unwanted programs as malware. This is because of the unwanted effects that PUPs can cause, such as displaying intrusive ads and collecting user data without the user’s knowledge or consent.
About the Amazon Phishing Scams Research
The content we publish on SensorsTechForum.com, this Amazon Phishing Scams how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific, adware-related problem, and restore your browser and computer system.
How did we conduct the research on Amazon Phishing Scams?
Please note that our research is based on independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware, adware, and browser hijacker definitions.
Furthermore, the research behind the Amazon Phishing Scams threat is backed with VirusTotal.
To better understand this online threat, please refer to the following articles which provide knowledgeable details.