Criminals spoof Amazon to steal your financial information

Scammers use Amazon's name to lure victims into their traps. With the holiday season upon us, it only gets more intense.

Many people are stocking from Amazon to avoid the hassle of last-minute shopping before the holidays. Malicious hackers are using this trend to spoof purchase notifications to steal financial information. This attack works by implementing legitimate Amazon links, forcing the end-user to call instead to cancel any order.

Starting in October of 2021, Avanan, a CheckPoint company, observed a new attack in which the attacker spoofs a typical Amazon order confirmation. Malicious email is designed to get the end-user to place a phone call and give up credit card information.

It starts as what looks like a traditional Amazon order confirmation. Given the high price, a user is likely to check their account. When they click on the links, it goes directly to the actual Amazon site, which, researchers explain, means that even the most trained user will click on it. However, the actual email address should set off alarm bells as it comes from a Gmail address.

The number listed on the email is not an Amazon number. Though it has an area code from South Carolina, the attackers call back from India.

When you call the number, at first, no one will answer. After a few hours, a call back will occur. The person on the other line will say that to cancel the invoice, they will need a credit card number and CVV number.

"This attack bypasses traditional email security scanners in large part due to the existence of legit links. When doing a check against an Allow List, this email passes. When we crunched the numbers for our 1H 2021 Cyber Attack Report, we found that 8.14% of phishing emails ended up in the user's inbox simply because of an allow or block list misconfiguration. This is an increase of 5.3% from the 2019 Global Phish Report. The problem gets worse depending on the security solution in use. When sitting behind an SEG, we found that 15.4% of email attacks are on an Allow List," Avanan researchers claim.

Scammers are in love with Amazon

According to the Federal Trade Commission (FTC), the number of reported Amazon impersonators grew five times from July 2020 to June 2021. Out of 96,000 reported business impersonators, 35% used Amazon's name to lure victims into their traps. Apple is the second most impersonated company, with 6% of reported scammers pretending to be company representatives.

Recently, I've received a similar email from scammers, too. It was a purchase confirmation email - apparently, I bought a ridiculously overpriced PS4 for... $1098. There was no link - malicious or legitimate - in the email. However, there was a phone number that I was supposed to call to cancel the order I had supposedly made.

At the time, I approached Dave Hatter, a cybersecurity expert at IntrustIT, for advice on spotting the scam. Here's what you should pay attention to:

1. Stop. Think. Did I actually order the item in question?

2. Look for misspellings and bad grammar in the email as red flags. As the scammers get better, this is less common.

3. Mouseover, BUT DO NOT CLICK on the links to see if they actually go to the website the email appears to have come from. If it's not VERY CLEAR that it does, DO NOT CLICK the link.

4. Be extra vigilant and skeptical.

5. If you're not sure, or you did order something, go "out-of-band."

6. Don't click any of the links or call any of the phone numbers (all easily spoofed).

7. Go to the website that purportedly sent the email by visiting it directly. For example, open a new browser window and go to,,

7. Login in to your account and use the legitimate site to check on any orders you might have.

8. The same would hold true if the email purportedly came from a shipping company like UPS or FedEx. Go "out-of-band" and visit their site directly to search for the shipping number.

More from CyberNews:

Silk Road 2.0 administrator has his bitcoin assets seized

To ransom-proof healthcare, we need to go on the offensive – interview

US blacklists NSO Group and three other foreign companies

BlackMatter ransomware claims to be shutting down

Facebook will shut down facial recognition system

Are Organizations Sleepwalking Into A Cybersecurity Crisis?

Subscribe to our newsletter