In response to the news that a new phishing campaign is doing the rounds, in which victims are sent an email informing them of a 90% discount on Amazon products but the link in the message leads to a fraudulent page that asks for login information, Mark Sparshott, EMEA director at Proofpoint, writes:
“Phishing campaigns using Amazon and Discount Vouchers as lures are nothing new; Proofpoint researchers have observed them for years.
In the past, the vast majority of emails were blocked by Anti-Spam solutions using Reputation Checks that pick up on the huge volume of messages with similar content being mostly sent from known bad IPs. However, modern phishing campaigns have evolved to bypass the spam & virus checks of Anti-Spam solutions by using advanced delivery techniques like longlining, which uses database marketing techniques such as the rotation of IPs, Senders, Subject Lines, Message Content and URL Links which keep the messages under the radar of reputation systems even though the overall message volume is still very high. In this instance, the cybercriminals have used a Credential Attack where the malicious website does not contain any malware but instead simply asks the user to log in to the fake Amazon page.
Proofpoint’s Human Factor research showed that these longlining campaigns enjoy an average click rate of 10% and the illegitimate login pages are even harder to spot on mobile devices whose browsers quickly hide the address bar to make the most of the device’s smaller screen size. Proofpoint’s advice to businesses and individuals is to “always look a gift horse in the mouth”; if it looks too good to be true, it almost certainly is, so think before you click.”