Amazon Impersonated in Phone Call Scam

November 4, 2020

During the pandemic, the e-commerce industry has not only seen a dramatic rise in sales, but also in consumer-targeted email attacks. This attack features an impersonation of Amazon, utilizing an increasingly popular vector for malicious engagement—phone calls.

In this attack, scammers impersonate Amazon to steal valuable account and payment information from targeted consumers.

Summary of Attack Target

  • Platform: Office 365
  • Payload: Text, Phone Number
  • Technique: Impersonation

Overview of Amazon Phone Number Scam

In this attack, the cybercriminals send an email impersonating an Amazon delivery. Close inspection shows that the sender’s name is presented as “Arnazon” (with an "r" and an "n" rather than an "m")—an attempt by the attacker to both trick recipients and bypass other email security solutions that look for brand impersonations. Attackers anticipate such typos will go unnoticed, as sender information is often overlooked and only the email content is read thoroughly.

The email originates from the domain ‘consumerlivesupport.com’, a recently registered domain that is not associated with Amazon. Additionally, the links in the email body redirect the recipient to "consumerlivesupport.com" rather than to Amazon itself.

Amazon phone number scam email
A fake email from "Arnazon" to trick victims into calling a fraudulent customer support number.

The email itself mimics the frequently seen Amazon order notification email at the price of $1,504.00—an astronomical sum for some. The text asks the recipient to contact the “Amazon Billing” phone number to resolve any issues. The fake order receipt is meant to spark concern, as the recipient did not place the order, leading them to call the provided billing support number.

However, further investigation reveals that this number does not match the customer support phone number found on the Amazon website. Instead, it is a misdirection so consumers release sensitive account information to phone scammers posing as Amazon support specialists.

If the recipient falls victim to this attack, they may ultimately release sensitive account details, as the attackers can leverage the credentials needed to access their account and the card to which their supposed refund would be directed.

Why the Amazon Impersonation Scam is Effective

The email is a fake receipt for a “recent Amazon purchase”, fostering a sense of urgency in the account owner to cancel the purchase and address a possible account breach before any other “orders” are made. The potential money loss will likely motivate the target to act quickly.

In addition, the email itself looks like a legitimate purchase notification from Amazon, displaying Amazon logos hosted on Amazon domains, as well as a detailed description of the purchased product. Additionally, the email is personalized, providing an address to where the supposed order is being sent and contact information for questions regarding the order.

Abnormal Security detecting the fake Amazon phone number scam
Abnormal Security detecting the fake Amazon phone number scam.

Abnormal can detect this malicious email due to the unusual sender information, the suspicious link, and the brand impersonation sign-off. When this is combined with the mismatched sender domain and the urgency included in the text, it provides the indicators needed to know that this email is malicious and block it before it reaches inboxes.

We have seen an increase in tech support scams that use a phone number as the attack vector, often going undetected by email security solutions. This is because, similar to social engineering attacks, this strategy for malicious engagement does not include easily identifiable threat vectors such as links or attachments. As the pandemic continues to push consumers toward online shopping, scammers may be seeing more success with this discrete vector approach and users should be wary of all attempts to transition to other mediums of communication.

To learn more about how Abnormal can stop these types of brand impersonation scams, see a demo of the platform.

Image

Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

0
Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 09 29 22 CISO Cybersecurity Awareness Month
October is here, which means Cybersecurity Awareness Month is officially in full swing! These five tips can help security leaders take full advantage of the month.
Read More
B Email Security Challenges Blog 09 26 22
Understanding common email security challenges caused by your legacy technology will help you determine the best solution to improve your security posture.
Read More
B 5 Crucial Tips
Retailers are a popular target for threat actors due to their wealth of customer data and availability of funds. Here are 5 cybersecurity tips to help retailers reduce their risk of attack.
Read More
B 3 Essential Elements
Legacy approaches to managing unwanted mail are neither practical nor scalable. Learn the 3 essential elements of modern, effective graymail management.
Read More
B Back to School
Discover how threat group Chiffon Herring leverages impersonation and spoofed email addresses to divert paychecks to mule accounts.
Read More
B 09 06 22 Rearchitecting a System Blog
We recently shared a look at how the Abnormal engineering team overhauled our Unwanted Mail service architecture to accommodate our rapid growth. Today, we’re diving into how the team migrated traffic to the new architecture—with zero downtime.
Read More
B Industry Leading CIS Os
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 12 innovative and influential thought leaders on social media.
Read More
B Podcast Engineering 11 08 24 22
In episode 11 of Abnormal Engineering Stories, David Hagar, Director of Engineering and Abnormal Head of UK Engineering, continues his conversation with Zehan Wang, co-founder of Magic Pony.
Read More
B Overhauled Architecture Blog 08 29 22
As our customer base has expanded, so has the volume of emails our system processes. Here’s how we overcame scaling challenges with one service in particular.
Read More