Spam and phishing mail

Amazon used as bait

In recent weeks, we have seen several mass-mailings in French, Italian and English, imitating messages from Amazon’s online shops. In all the mailings, the recipients were offered a voucher, a gift certificate or some other prize.

The enticing offers were mostly sent from Italy or France. However, the email addresses from which they were sent immediately raised suspicions: the culprits didn’t even try to imitate Amazon’s official email addresses, and merely used Amazon in the sender’s name.

Amazon used as bait

Each message contains links that supposedly lead to the Amazon website. The recipients have to click the links to claim their “prize”. Analysis of the links shows that users from different countries are redirected to different web pages. For instance, users with a European IP address are asked to fill in a form in English, and are offered the chance to enter a draw for an iPhone 6S as a reward.

amazon_blog_eng_2

The winner is promised a new smartphone for just 1 euro, but first has to enter their bank card details on the video streaming site myflixhd[.]com.

amazon_blog_eng_31

The website offers a 5-day trial period, but requires the user’s bank card details, and then deducts a subscription fee of 50 euros per month if the user fails to cancel the subscription on time.

Naturally, Amazon has nothing to do with this “draw” or any other similar scams, and the chances of winning an iPhone 6S are very slim, to say the least. There is a good chance, however, that the bank card details entered on this advertising web page will be used by third parties for their own ends.

Amazon used as bait

Your email address will not be published. Required fields are marked *

 

  1. Timothy Sanford

    I don’t know if anyone will agree with me, but, can Kaspersky find a person that’s willing to pay then follow the trail to where the money actually ends up, get a physical address then call police to arrest the scammers? Then person gets his/her money back.

    I know some of you will say I watch too much tv, BUT it made me wonder if it’s actually possible??

  2. Rick L.

    What you describe is entirely possible until the step after the user pays. The perpetrator is almost certainly in a different country, and often in a location where the government is unwilling or unable to assist external law enforcement agencies in capturing its own citizens.

    1. samuel

      and what about interpol?

Reports

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Subscribe to our weekly e-mails

The hottest research right in your inbox