Malwarebytes has identified a phishing scam in the form of a bogus Amazon email that attempts to persuade the "lucky" recipient that they have the chance to win £10 in return for completing a quick survey.
The scam email, which purports to come from the members support division of Amazon, contains the flowing message: “As a valued customer we would like to present you with an opportunity to make a quick buck. We are offering £10 each to a selected number of customers in exchange for completing a quick survey relating to our service.”
Christopher Boyd, malware intelligence analyst at Malwarebytes, revealed the phishing scam on the Malwarebytes blog. Boyd noted that the email’s phrasing is not in keeping with how Amazon communicates with its customers.
“I can’t really picture Amazon mailing anybody with the phrase 'Make a quick buck', but in any case the link directed eager clickers from what looked to be a compromised home and gardens website (now offline),” he wrote.
Boyd said that while the redirection site and phishing pages are both down and no longer pose a threat, users would do well to familiarise themselves with the tactic.
“Of course, scammers will likely resurrect this fake Amazon £10 survey reward / swipe your banking information tactic elsewhere so it pays to have an idea what they’re up to at all times,” he said.
Such scams are nothing new, but Boyd said the threat is growing and the variety of tactics used by the scammers is increasing.
"We've noticed a definite increase in phishes which aren't necessarily financially themed, yet ask for payment information anyway alongside social network credentials. Previously, it was somewhat unusual to see this happening outside of banking phishes,” he told V3.
“One assumes that, as the phisher is successfully compromising the login details, they may as well grab whatever card data they can at the same time.
“People who wouldn't fall victim to a banking phish, may well be suckered in by an imitation Facebook page asking for a sort code/account number to 'unlock' their supposed account.”
Companies are becoming increasingly aware of how their branding can be used to create convincing scams and are taking steps to alert their customers.
“Major retailers such as Amazon do warn their customers of phishes as they become visible, and typically they offer up numerous security pages where their users can educate themselves on the dangers,” Boyd added.
“At the same time, anti-phishing tools built into browsers are a useful addition to any security arsenal, and we would recommend using them at all times."
Boyd also suggested that people look for signs that the services they are using are secure and verified, noting they should check for a green padlock or identity information that proves a site is legitimate when they are prompted to input their login details or potentially sensitive data.
Boyd’s tips are timely given how UK phishing scams have risen by 20 percent over the past 12 months.
Russian Taiga smartphone promises snoop-proof communications - coming soon to employees of Russian state-owned firms
Eugene Kaspersky's ex outs smartphone that claims to prevent apps from spying on users
Deloitte accused of leaving its internal Active Directory server exposed to the internet with RDP open
Deloitte accused of lax systems administration and security practices over email hack
Lax systems administration practices blamed for exposing millions of sensitive client emails
The new processors support Intel's Optane memory acceleration technology