In the third quarter of this year, Asia experienced the most cyberattacks of all regions in the world, according to Check Point Research, with an average of 1,778 weekly attacks per organization. That’s a 21% increase YoY.
In that spirit, we found a new scam that spoofs Amazon and is targeted at Japanese companies and consumers.
This speaks to the global nature of cyberattacks, and in particular how global companies are used in these campaigns.
In this attack brief, researchers at Avanan, a Check Point Software Company, will discuss a spoofed Amazon email targeting Japanese companies.
Attack
In this attack, hackers are sending fake Amazon account notices, in the hopes of getting credentials.
- Vector: Email
- Type: Credential Harvesting
- Techniques: Social Engineering, Impersonation
- Target: Any end-user
Email Example #1
This email is in Japanese. The translated text is below:
Subject: We've Deactivated Your Prime Auto-Renewal! Number 561766
Amazon Customer
Dear Users. Your account could not be updated with your Amazon membership card information.
This can happen for a variety of reasons, like an expired card or a change in billing address.
Some account information is incorrect, and we need to verify your Amazon membership information to further maintain your account. It is now possible for you to verify your account.
(Link:) Amazon Login
If you do not receive confirmation within 24 hours, we apologize for the inconvenience, but for your safety, we will restrict your account.
If you are unable to access the email address of your login account
Contact: Customer Service.
So you know:
・Please do not tell anyone your password.
・Please create a password that has nothing to do with your personal information and is hard to guess. Always use upper- and lower-case letters, numbers, and symbols.
Use a different password for each online account.
Thank you for your attention to this matter.
This email is a classic social engineering scam, utilizing the name of a popular brand to compel the user to do something they don’t want to do. In this case, the email wants the users to click on a link to “Amazon”. Instead of updating membership details, they will be led to a fake page that will steal credentials and payment details.
Techniques
End-users expect emails from popular brands. Whether it’s in their personal mailbox or business one, we are inundated with legitimate brand emails. We are also inundated with illegitimate brand emails. It’s why brand impersonation is one of the most popular forms of phishing. Amazon is always amongst the top impersonated brands.
The influx of impersonated brand emails places the onus on the end-user. It requires looking for often small details that separate the fake brand from the real one. Hackers are hoping that end-users are too busy, and too careless to find these.
Beyond that, security scanners should be able to easily handle these brand impersonations, as there are often URLs that redirect to malicious sites and the sender addresses don’t match. And yet, we consistently see emails like this one make it past standard and legacy email security services.
This is where advanced AI and ML come into play. Combining that with strong end-user training can ensure that scams like this one don’t cause significant financial damage.
Best Practices: Guidance and Recommendations
To guard against these attacks, security professionals can do the following:
- Always hover all URLs before clicking
- Always double-check sender addresses
- Before engaging with a service, ensure it’s a service you actually use.
