Fake Amazon Mail Phishes for Login, Payment Information

From the mailbox: a fake Amazon mail which attempts to persuade the lucky recipient that they have the chance to win £10 in return for completing a quick survey. The mail, titled “ΙD: 569369943” and claiming to be from “members support” / message@notice-amazon(dot)com, reads as follows:

As a valued customer we would like to present you with an opportunity to make a quick buck. We are offering £10 each to a selected number of customers in exchange for completing a quick survey relating to our service. Your opinions and thoughts are vital in order for us to provide the best possible service. Please press the link below to get started.
Fake Amazon email

I can’t really picture Amazon mailing anybody with the phrase “Make a quick buck”, but in any case the link directed eager clickers from what looked to be a compromised home and gardens website (now offline) to

amazon-update-account-awd547324897457(dot)tube-gif-converter(dot)com/Login(dot)php

where the site asked for Amazon login credentials:

Phisher asking for login info

After this, the next page requested full payment information including address, phone number, credit card details, sort code / bank account number and “security question” too.

At time of writing, the initial redirection site and the phishing page(s) are both down for the count. Of course, scammers will likely resurrect this fake Amazon £10 survey reward / swipe your banking information tactic elsewhere, so it pays to have an idea what they’re up to at all times.
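An added example, not part of the original post: the sender address and the landing page above both carry "amazon" in a hostname whose registrable domain has nothing to do with Amazon, and a mail filter or triage script can flag exactly that mismatch. It assumes a brand allowlist and a short set of two-label public suffixes standing in for the full Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains the brand really uses (extend per region).
BRAND_DOMAINS = {"amazon": {"amazon.com", "amazon.co.uk"}}
# Assumption: stand-in for the Public Suffix List, enough for these samples.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def refang(text):
    """Undo '(dot)' / '[.]' defanging as used in the write-up."""
    return re.sub(r"\(dot\)|\[\.\]", ".", text.strip())

def hostname(value):
    """Accept a URL, a bare host/path or an e-mail address; return the host."""
    value = refang(value)
    if "@" in value and "/" not in value:
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower().rstrip(".")

def registrable_domain(host):
    """Return the domain someone had to register (suffix plus one label)."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def brand_mismatch(value):
    """(brand, registrable domain) when a brand name sits in a foreign host."""
    host = hostname(value)
    reg = registrable_domain(host)
    for brand, legit in BRAND_DOMAINS.items():
        if brand in host and reg not in legit:
            return brand, reg
    return None

# The two indicators quoted in the post, plus one constructed legitimate URL.
SAMPLES = [
    "amazon-update-account-awd547324897457(dot)tube-gif-converter(dot)com/Login(dot)php",
    "message@notice-amazon(dot)com",
    "https://www.amazon.co.uk/gp/css/homepage.html",  # constructed sample
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", brand_mismatch(sample))
```

The first two samples are flagged because the part of the name the attacker controls freely (a subdomain label, or a hyphenated prefix) contains the brand while the registered domain does not belong to it.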

At this point, we’d usually suggest looking out for the green padlock / verified identity advice typically given near the end of a “Don’t get phished” blog. However, HTTPS isn’t deployed across the entirety of Amazon – only the pages where it’s really needed, such as login / payment and so on.

All the same, it’s good practice to check for a green padlock / identity information anytime you’re asked to log in or submit potentially sensitive data. Follow these simple steps, and you’re probably going to be safe from this type of attack.

As a final tip, be very wary around emails claiming you’ve been entered into surveys or competitions – and if you see well-known brands sending you odd mails about “making a quick buck”, you may want to run the other way.

Christopher Boyd
