New Phishing Attack Targeting Amazon Prime Users to Steal Login Credentials

A new phishing attack is targeting Amazon Prime users, tricking them with fake renewal notifications to steal login credentials, personal details, and payment information. Discovered by the Cofense Phishing Defense Center on February 18, 2025, this attack uses advanced social engineering techniques and multiple layers of deception.

  • Spoofed Emails & Fake Alerts: Users receive fraudulent emails claiming their Amazon Prime renewal has failed due to an invalid payment method. The email includes a fake "Update Information" button.

  • Google Docs Redirects & QR Code Tricks: Clicking the button leads to a fake Amazon security page hosted on Google Docs, tricking users into entering their credentials. The attackers also use QR codes to bypass security scanners.

  • Multi-Stage Data Theft: Once victims enter their Amazon login details, they are asked to provide personal verification data, such as date of birth, mother’s maiden name, and phone number. The final step captures full credit card details through a counterfeit payment portal.

  • Decentralized Hosting: Attackers use various platforms like Google Docs, compromised domains, and QR code generators to distribute phishing links, making detection harder.

  • Advanced Phishing Techniques: This campaign uses dynamic HTML injection to replicate Amazon’s security features, including MFA prompts and validation scripts, making the fake pages look highly convincing.

How to Stay Safe

  • Never Click Suspicious Links: Always verify emails by manually visiting Amazon’s official website instead of clicking on embedded links.
  • Enable Multi-Factor Authentication (MFA): Even if attackers steal your password, they won’t be able to access your account without the second authentication step.
  • Check Email Senders Carefully: Amazon will never send security alerts via Google Docs or ask for sensitive details through third-party platforms.
  • Use Reliable Cybersecurity Solutions: Deploy email security tools to detect domain spoofing and inspect redirect chains in embedded links.
  • Stay Educated: Phishing tactics evolve constantly. Regular cybersecurity awareness training can help prevent falling victim to such scams.
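
The sender and link checks recommended above can be sketched as a small offline triage script; this is an added example, not code from Cofense or Amazon. It flags a message that presents itself as Amazon or Prime while its sender domain or its embedded links point elsewhere, such as a Google Docs page. The domain list, the function names and the sample message are assumptions made for illustration, and the script checks only the first hop of each link, not the full redirect chain or QR codes.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains treated as genuinely Amazon for this illustration.
BRAND_DOMAINS = ("amazon.com", "amazon.co.uk", "amazon.in")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_brand_host(host):
    """True only for a brand domain or a subdomain of one (no substring match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def triage(raw_message):
    """Findings for a message whose display name or subject claims Amazon/Prime."""
    msg = email.message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    claimed = (display + " " + msg.get("Subject", "")).lower()
    if "amazon" not in claimed and "prime" not in claimed:
        return []
    findings = []
    sender_domain = addr.rpartition("@")[2]
    if not is_brand_host(sender_domain):
        findings.append("sender-domain-mismatch:" + sender_domain)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for host in (urlparse(h).hostname for h in collector.hrefs):
                if not is_brand_host(host):
                    findings.append("off-brand-link:" + str(host))
    return findings

# Constructed sample message, not taken from the campaign.
SAMPLE = """From: "Amazon Prime" <billing@prime-renewal.example>
Subject: Your Prime renewal failed
Content-Type: text/html; charset=utf-8

<a href="https://docs.google.com/document/d/EXAMPLE/view">Update Information</a>
"""
```

Calling triage(SAMPLE) returns one finding for the sender domain and one for the Google Docs link; a message sent from and linking only to the listed brand domains returns an empty list.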

This phishing attack highlights the growing sophistication of cybercriminals, who now use Phishing-as-a-Service (PhaaS) platforms to deploy convincing scams. To protect yourself, always double-check emails, enable MFA, and stay vigilant against suspicious links.

Cyber threats are constantly evolving—staying informed is your best defense. Stay secure with Net Protector Cyber Security.