New Phishing Techniques – Amazon and PayPal fraudsters ‘up their game’ with fake messages

Tier3 Pakistan partners with STOP. THINK. CONNECT.
February 3, 2017
Russian hackers group ” Turla ” uses new JavaScript Malware KopiLuwak
February 3, 2017

New Phishing Techniques – Amazon and PayPal fraudsters ‘up their game’ with fake messages

Our experts confirm spoofing contact details is easy to do. There are a number of websites who offer the service as a way to "prank" your friends.Not saying these sites are set up for criminals but are they taking into account that fraudsters are making use of the spoofing services.

Fraudsters are perfecting the art of impersonating large companies such as PayPal and Amazon, Britain’s leading anti-fraud agency has warned.A combination of improved technology and more accurate spelling and grammar is making the fake communication harder than ever to detect.

Our security experts, described the bogus messages as “highly convincing” which often appear to come from genuine addresses.

In many cases they indicate that some sort of error has been made – as a prompt to recipients to take action.

The fake Amazon email, below, looks just like an order confirmation but contains details and delivery date of a product that the recipient did not order, for example.

One message seen by Tier3 suggested the customer had purchased a hard drive for £129.11. Another confirmed the sale of six  “Amscan International Baby Little Angel Costumes” for £69.49.

Other customers have reported receiving similar emails for TVs, cameras and iPhones.The messages appear to come from legitimate email addresses Amazon UK and server-info@amazononline.co.uk. However, correspondence from the UK arm of Amazon would be sent from an address ending in @amazon.co.uk.

These messages are designed to get customers to query the order by clicking on the link at the bottom of the email.On one of the emails it says: “If you haven’t authorized the transaction, go to the Refund page for full refund.”

Other messages require similar action.

Those who use PayPal should also be on high alert as another convincing phishing scam does the rounds.The text message, which using a spoofed phone number appears to come from PayPal, explains the customer account has been suspended due to unauthorized login attempts and offers a link for customers to click on to confirm their details.

These spoofed texts are especially concerning, according to Tier3 Experts.With spoofed emails, you can usually hover over the address and the real one is revealed.

However with texts, consumers may not know the real providers’ phone number.

Our experts confirm spoofing contact details is easy to do. There are a number of websites who offer the service as a way to “prank” your friends.Not saying these sites are set up for criminals but are they taking into account that fraudsters are making use of the spoofing services.

Fraudsters use well known brands such as Amazon and Paypal to target numerous victims with relevant messages designed to cause panic.

While obvious spelling and grammar is improving in scam messages, Tier3 suggests there are a number of suspicious signs to look out for.

WE suggest those who are concerned about their online accounts should change their password and use different ones for each service. Tier3 also suggests contacting the genuine company the fraudster is attempting to purport – in this case Amazon and PayPal – using the correct details.

A PayPal spokesman said all communication to account holders regarding account limitation would be sent to the secure message centre with their PayPal account.Any concerns about fraudulent messages should be sent to spoof@paypal.com.

Leave a Reply