If you buy regularly through Amazon, it is normal to have emails from you in reference to purchasing processes such as the registration of this in your system, that the shipment is already on its way, or the typical email confirming that the merchandise has been delivered. But if you have an email from Amazon with any of these issues, delete it immediately because it is a new scam.
The fake amazon survey
And it is that the OSI, the Internet Security Office, has detected “a campaign of sending false emails that impersonate Amazon’s identity. The objective is to redirect the victim through a link provided in the email to a fraudulent website (phishing) that pretends to be that of the service in question “.
This website asks the user to fill out a survey and thus be able to opt for electronic products and gift cards “for a negligible amount”, but to receive them, they must provide their personal and bank details.
Is that how it works:
The fraudulent email is sent from an account that does not belong to the legitimate service of the company, in this case Amazon. In other words, the address from which the emails are sent is not a domain that belongs to the service. In any case, remember that the sender could easily be manipulated following a technique widely used by cybercriminals known as spoofing.
This email is identified with the subject “Dear, You have (1) a package located in the Amazon distribution center.”, Although it is not ruled out that they may be being distributed with other similar matters.
It is also characterized by addressing the user using the email address instead of by her name or surname.
In the body of the message, the user is invited to complete a survey as quickly as possible to supposedly receive the best prizes. According to the OSI, “it is very common for this type of fraud to urge the user to carry out her instructions so that they do not have time to think and analyze the situation.”
If you click on the link “-> Click START to continue” or the “Start” button, it redirects to a website designed to appear legitimate. There, the user is invited to complete a survey related to the Amazon shopping experience and that indicates that all participants will receive a prize of their choice. It should be noted that a supposed single voucher will be provided that will not be requested later in any form.
After several questions of a personal nature, the page will redirect us to an assortment of products to choose as a prize.
When accessing these products, in order to place the order we must fill in a form with our personal data: name, surname, address, telephone number, postal code, telephone number and email.
In some products, such as mobile phones, once the personal data has been filled in, it gives us the option of adding information about our credit card and making a payment, of a symbolic amount of money: € 1.50.
Finally, once the data has been entered, when clicking on the button to send it, the page will show us an error, but the cybercriminals will already have it in their possession to use it for any malicious or fraudulent purpose.