The Amazon survey phish: back for round 2

The Amazon survey phish: back for round 2

We’ve seen another run of Amazon themed spam doing the rounds, and they may well already be dropping into your mailbox. Here’s the email in question:

Amazon spam returns

The text is identical to the Congratulations As a valued customer we would like to present you with an opportunity to make a quick buck. We are offering £10 each to a selected number of customers in exchange for completing a quick survey relating to our service. Your opinions and thoughts are vital in order for us to provide the best possible service. Please click the link below to get started.” target=”_blank”>last one we took a look at (notice also the open red padlock, which is a new Gmail feature). As before, the link uses a redirect to send potential victims to an imitation Amazon page – this time, located at


Fake login page

The people behind the spam campaign have mixed things up a bit, with all new pages to be tricked by. Previously, they lifted any entered login credentials then asked for payment information. This time around, they’re likely trying to distract with nonsense before moving in for the kill (so to speak).

The first step is personal information. They perform some basic checks behind the scenes to ensure you’re not just typing in any old rubbish – the wall of red text below would indeed be due to me typing in any old rubbish:

Details please

That is most definitely an unhappy phishing page.

After the first grab of personal details, a diversion kicks in with an actual survey:


There’s something hugely dissonant about filling in an “Are you satisfied with our service” Q&A on a phishing URL wanting to clean out your wallet, but there we go.

The final page is indeed the bit where they ask for payment information. Should you try and skip through this page without entering any text, they’ll get the red marker pen out again:


One final thing: they perform some checks to ensure what you’re entering is a valid card number (typically, this is done via fresh dump lists against specific number patterns associated with banks). Like so:

Whoops Redux

If the site notices you’ve entered the real deal, it’ll take the above numbers and divide them out into 4 sets of 4. Otherwise? Name not down, not coming in and so on.

To conclude, our Amazon phish gets a bit of an upgrade and a splash of paint to make the whole thing look a bit more appealing. The suggestions we gave last time around for avoiding this scam remain the same – steer clear of emails claiming you’ve won something, and don’t enter your Amazon login details on pages where no HTTPs exists. Follow these simple steps, and you’ll make it through the day without your banking details winging their way to a scammer.

Christopher Boyd


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.