Almost anything online can be a target for phishing. Popular sites for phishers to target include Amazon.com, PayPal, and eBay, among others. With the holiday shopping season in full swing, I thought it would be useful to review phishing attacks. There is nothing new here; they are just getting more complex and insidious. Here's a recent example of a phishing attack against Amazon.com that was mentioned by FPROT this past weekend. A spammer sent out a fairly large mailing of "Order inquiry" emails from "support@amazon.com", directing people to a fake Amazon.com look-alike site hosted in South Korea:
The first thing you should notice is that this is not the correct address for Amazon. If, however, you log into this site, which does no form of verification (as we can see by my login address), you will see that this site is not just about stealing your Amazon user name and password. Once you "log in", you get a new page asking you to update your credit card information:
As mentioned by FPROT, if you look carefully you will see that the phisher was logged into Amazon when he or she stole the graphics from Amazon.com. The button "DFFDF's store" indicates the account that he or she used to grab the graphics from Amazon's website. If you look below you will see the item that caught my attention on FPROT.
The phisher is asking not only for the Amazon account information but also for credit card information, including the PIN code associated with the account. I know you are saying that you would never fall for that, but the sad fact is that there are people who will. They even justify asking for your PIN by saying it is for your security, and in a weird sort of way that makes sense. When you go to an ATM or use your credit card at the grocery store they ask for your PIN code, so why not Amazon?
The bottom line of this article: if you get an email from any online vendor, be it a credit card company, a bank, or an online retailer, do not click the link in the email. Take the time to type the address in the address bar; that way you can be sure you are at the real service provider and not a fake one.
Test your phishing IQ at this website: http://survey.mailfrontier.com/survey/quiztest.html. If you have any questions, please feel free to ping me on Yahoo or drop me an email; I will be happy to help you out and answer your questions. If you are the victim of a phishing attack, read my previous post regarding the FTC Online Security Center to find out where you can report the attack.
Link: http://www.f-secure.com/weblog/archives/archive-122005.html#00000731
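
The "not the correct address" check described above can be automated for mail that claims to come from a vendor. The following is an added example, not part of the original post: the message, the recipient address and the link host `example.net` are constructed placeholders, and the function names are hypothetical.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not the real phishing mail); example.net is a placeholder host.
SAMPLE = """\
From: Amazon Support <support@amazon.com>
To: victim@example.org
Subject: Order inquiry
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p><a href="http://www.amazon.com.signin.example.net/update">www.amazon.com</a></p>
<p><a href="https://www.amazon.com/gp/help">Help</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_in_domain(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def suspicious_links(raw_message):
    """Return web links whose host lies outside the domain the From header claims."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    body = msg.get_body(preferencelist=("html",))
    if body is None:  # no HTML part, so no clickable links to inspect
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    return [h for h in collector.hrefs
            if urlsplit(h).scheme in ("http", "https")
            and not host_in_domain(urlsplit(h).hostname or "", sender_domain)]
```

The comparison is made on the end of the host name, so a host that merely starts with `www.amazon.com` is still flagged. Legitimate mail that links through a third-party tracking domain will also be flagged, so treat a hit as a reason to look closer rather than as proof.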







