Amazon-Themed Phishing Campaigns Swim Past Security Checks
Amazon has been used to perpetuate a pair of new phishing campaigns that aim to steal credentials and other personal information claiming to be Amazon package-delivery notices. Amazon has been in high demand lately due to the COVID-19 pandemic preventing many from leaving the house excessively. However, cybercriminals have capitalized on this and have been using the company as a lure for phishing emails.
The emails surpass typical security checks and make it into primary inboxes due to their sophisticated nature. The two campaigns consist of one credential phishing attempt using an Amazon delivery failure notice and one voice phishing attempt also using Amazon. The first campaign operates through the email address of a third-party vendor whose email account has been compromised or spoofed, allowing it to pass through security checks.