chat
expand_more

AWS Impersonated in Credential Phishing Attack

Due to recent quarantine restrictions, companies have moved to online collaboration software and cloud-based applications. Despite the benefits of convenience and increased productivity from the use of cloud computing services, user accounts for these services...
May 27, 2020

Due to recent quarantine restrictions, companies have moved to online collaboration software and cloud-based applications. Despite the benefits of convenience and increased productivity from the use of cloud computing services, user accounts for these services are still vulnerable. Hackers will specifically tailor attacks to impersonate these platforms in order to access sensitive business data.

In this attack, attackers are impersonating a notification from Amazon Web Services in order to steal the credentials of employees.

Summary of Attack Target

  • Platform: Microsoft Office 365
  • Email Security Bypassed: FireEye
  • Victims: Employees
  • Payload: Malicious Link
  • Technique: Brand Impersonation

Overview of the Amazon Web Services Attack

This email impersonates an automated notification from Amazon Web Services (AWS). The anchor text of the links appear to be credible AWS links.

Despite appearing legitimate, the hyperlinks redirect to a different URL that has a webpage identical to the AWS login page but it hosted at athirteen.com, which has no affiliation to Amazon Web Services or the Amazon company.

Multiple versions of this attack have been seen across different clients, using different sender emails and different payload links. However, each of the emails from this campaign originates from the same IP, hosted by a French VPN, and each of the payload links employed in this attack leads to AWS credential phishing websites.

If recipients fall victim to this attack, the login credentials for their Amazon Web Services account will be compromised and the sensitive data stored on their account would also be at risk. For organizations who run on AWS, this could have disastrous consequences.

Why the Amazon Web Services Attack is Effective

The attack impersonates Amazon Web Services, and the anchor text used in the email body looked like real Amazon links. In addition, the landing page contains official images used by the company and appeared exactly like the real login page. By hiding the real URL, the user may be unaware that the site they are accessing is not the real AWS page.

Abnormal detects this attack as malicious due to a variety of factors. The most pertinent one is that DMARC email authentication fails for Amazon, and when combined with the suspicious links, unusual sender behavior, and the content that impersonates a brand, the platform can quickly tell that this email is dangerous.

To see how Abnormal can protect your employees from becoming the next victims of credential phishing, see a demo today.

AWS Impersonated in Credential Phishing Attack

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B SOC Prod
Learn how AI-driven automation boosts SOC productivity by reducing false positives, addressing skills gaps, and enhancing threat detection. Discover strategies to future-proof your SOC and strengthen cybersecurity defenses.
Read More
B Proofpoint Customer Story F500 Insurance Provider
A Fortune 500 insurance provider blocked 6,454 missed attacks and saved 341 SOC hours per month by adding Abnormal to address gaps left by Proofpoint.
Read More
B Malicious AI Platforms Blog
What happened to WormGPT? Discover how AI tools like WormGPT changed cybercrime, why they vanished, and what cybercriminals are using now.
Read More
B MKT748 Open Graph Images for Cyber Savvy 7
Explore insights from Brian Markham, CISO at EAB, as he discusses cybersecurity challenges, building trust in education, adapting to AI threats, and his goals for the future. Learn how he and his team are working to make education smarter while prioritizing data security.
Read More
B Manufacturing Industry Attack Trends Blog
New data shows a surge in advanced email attacks on manufacturing organizations. Explore our research on this alarming trend.
Read More
B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More