Cybercriminal gangs are launching new scams designed to capitalize on the shopping rush ahead of Black Friday and the holiday season, researchers have warned. In a weblog post, researchers at security firm Avanan described one such campaign, first launched last month, in which scammers spoofed Amazon order notification emails. The goal of these fake emails is to lie to the victim in order to call a customer service number of the fake service, in which case the criminals try to lie to the person in order to expose their credit card information. credit. “When you call the number, at first, absolutely no one answers. After a few hours, a withdrawal will be made,” Avanan explained. "The person on the other line will say that to void the invoice, she will need a credit card number and a CVV."
Amazon invoice scam
According to Avanan, criminals can bypass email security filters by including legitimate links in the body, pointing to the real Amazon site. Although certain phishing scams use fake landing pages to digest credentials, in such a case the links provide a more reliable path to inboxes, while leaving the victim with a false sense of security. Aside from stealing payment details, the scam also serves as a way to hack phones, setting the stage for future text and voice messaging attacks. "By the time they get the number, they can make a series of attacks, either by text message or by phone," the scholars wrote. "One successful attack can lead to dozens more." And this is just one case. partly simple Due to global chip shortages and supply chain disruptions, shoppers are expected to be doing their holiday shopping earlier than ever this year, which is sure to lead to a series of scams aimed at capitalizing on the level of demand for the To guard against these kinds of attacks, buyers are advised to check the sender's email address and the body of the message for anomalies that could point to a scam.In addition to this, it's a good idea to avoid calling numbers unknown unless they are also on the retailer's site and avoid downloading unsolicited email attachments that may contain malware.To protect your devices from attacks, check out our list of the best antivirus services, the best endpoint protection software, and the best protections against ransomware.