Amazon Impersonated in Phone Call Scam

November 4, 2020

During the pandemic, the e-commerce industry has not only seen a dramatic rise in sales, but also in consumer-targeted email attacks. This attack features an impersonation of Amazon, utilizing an increasingly popular vector for malicious engagement—phone calls.

In this attack, scammers impersonate Amazon to steal valuable account and payment information from targeted consumers.

Summary of Attack Target

  • Platform: Office 365
  • Payload: Text, Phone Number
  • Technique: Impersonation

Overview of Amazon Phone Number Scam

In this attack, the cybercriminals send an email impersonating an Amazon delivery. Close inspection shows that the sender’s name is presented as “Arnazon” (with an "r" and an "n" rather than an "m")—an attempt by the attacker to both trick recipients and bypass other email security solutions that look for brand impersonations. Attackers anticipate such typos will go unnoticed, as sender information is often overlooked and only the email content is read thoroughly.

The email originates from the domain ‘consumerlivesupport.com’, a recently registered domain that is not associated with Amazon. Additionally, the links in the email body redirect the recipient to "consumerlivesupport.com" rather than to Amazon itself.

Amazon phone number scam email
A fake email from "Arnazon" to trick victims into calling a fraudulent customer support number.

The email itself mimics the frequently seen Amazon order notification email at the price of $1,504.00—an astronomical sum for some. The text asks the recipient to contact the “Amazon Billing” phone number to resolve any issues. The fake order receipt is meant to spark concern, as the recipient did not place the order, leading them to call the provided billing support number.

However, further investigation reveals that this number does not match the customer support phone number found on the Amazon website. Instead, it is a misdirection so consumers release sensitive account information to phone scammers posing as Amazon support specialists.

If the recipient falls victim to this attack, they may ultimately release sensitive account details, as the attackers can leverage the credentials needed to access their account and the card to which their supposed refund would be directed.

Why the Amazon Impersonation Scam is Effective

The email is a fake receipt for a “recent Amazon purchase”, fostering a sense of urgency in the account owner to cancel the purchase and address a possible account breach before any other “orders” are made. The potential money loss will likely motivate the target to act quickly.

In addition, the email itself looks like a legitimate purchase notification from Amazon, displaying Amazon logos hosted on Amazon domains, as well as a detailed description of the purchased product. Additionally, the email is personalized, providing an address to where the supposed order is being sent and contact information for questions regarding the order.

Abnormal Security detecting the fake Amazon phone number scam
Abnormal Security detecting the fake Amazon phone number scam.

Abnormal can detect this malicious email due to the unusual sender information, the suspicious link, and the brand impersonation sign-off. When this is combined with the mismatched sender domain and the urgency included in the text, it provides the indicators needed to know that this email is malicious and block it before it reaches inboxes.

We have seen an increase in tech support scams that use a phone number as the attack vector, often going undetected by email security solutions. This is because, similar to social engineering attacks, this strategy for malicious engagement does not include easily identifiable threat vectors such as links or attachments. As the pandemic continues to push consumers toward online shopping, scammers may be seeing more success with this discrete vector approach and users should be wary of all attempts to transition to other mediums of communication.

To learn more about how Abnormal can stop these types of brand impersonation scams, see a demo of the platform.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 Types of Email Platform Attacks L1 R2
Discover the most common types of email platform attacks in your cloud network and how you can prevent them.
Read More
B 1500x1500 Lilac Wolverine L1 R1
Threat group Lilac Wolverine is fine-tuning the art of exploiting people’s willingness to help others in some of the largest gift card attacks we've seen.
Read More
B 1500x1500 Modern Email Attacks Webinar Series L4 R2
Our Modern Email Attacks series has wrapped! Here are some of the biggest takeaways from Chris Krebs, Troy Hunt, and Theresa Payton.
Read More
B 1500x1500 Gartner Insights L1 R1
See our commitment to providing our customers with the best possible solution and support with these reviews from Gartner® Peer Insights™.
Read More
B 11 14 22 SPM Launch Blog Graphics
Security Posture Management gives organizations insight into cloud configuration risks and gaps across user and app privileges.
Read More
B 11 14 22 SPM Launch Blog 2
Cloud email platforms enable better collaboration, but they also create new entry points, making sensitive data more accessible to attackers.
Read More
B 1500x1500 Q3 Ransomeware L1 R2
This post explores the continuation of the sharp decline in ransomware attacks as well as a few other notable data points from Q3 2022.
Read More
B 10 05 22 Cloud Email Security Platform Essentials
Learn the 7 key capabilities a cloud email security platform should have in order to address and resolve common email security challenges.
Read More
B 11 07 22 Valimail
Discover the benefits of a modern, best-of-breed solution to email security with Abnormal Security and Valimail’s New Partnership.
Read More