Amazon phishing attack claims your account is about to expire

Graham Cluley
Graham Cluley
@[email protected]

AmazonHave you received an email telling you that your account is about to expire? Does the message urge you to confirm “wether” (sic) you wish to continue to use the account or risk deactivation?

Well, hold up a minute. Because if you respond to the notification in haste, you could be repenting at leisure.

Cybercriminals have widely spammed out an attack via email, posing as Amazon, in an attempt to trick users into handing over their credentials.

Amazon phishing email

Sign up to our free newsletter.
Security news, advice, and tips.

Subject: You have (1) Message from Amazon
Attached file: NO003950033.html

Message body:
Dear customer,

Your online account is about to expire and will be deactivated.

Please confirm wether you want to continue using Amazon or not.

If the answer is yes, download and complete the attached form.

If the answer is no, please ignore this e-mail.

Best wishes,
Amazon Team

Note - Do not reply to this e-mail.

Sophos products detect the attached file as Troj/Phish-AZ and intercept the message as spam.

If you made the mistake of opening the attachment, you would be faced with a web form which asks you for your credit card details, date of birth and so forth before uploading them to a remote web server.

Bogus Amazon form

Many computer users may have woken up to the dangers of phishing, and how if you click on a link in an unsolicited message you might be taken to a bogus website. But are they also clued-up enough to realise that opening any attached file might also be an attempt to lure them into handing over personal information?

Do your bit for your friends and family, and warn them of the dangers that lurk on the net and might be attempting to compromise them via their inbox.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.