This phishing attack is impersonating Amazon in order to steal your login credentials. “Amazon account” -themed attacks are popular since the backstory of having an Amazon account, is true for many recipients.
The attack exploits human emotions with a fictitious story. By threatening to close the account permanently, the victim is urged to react to the message.
Off the Hook
- Double check that the details match up. Do you have an Amazon account associated with this email?
- Check that the senders email address is a legitimate Amazon address. Attackers might be using different techniques such as typo-squatting (e.g. amaz0n.com instead of amazon.com) or using subdomains that feature amazon (e.g. support@amazon.anotherdomain.com )
- Check if the button actually links to Amazon by hovering over it. You should be able to see the link in the lower left corner of your browser window.
- Browse directly to Amazon by typing amazon.com into your browser and sign-in to check if your account is really locked or not
Get more cybersecurity insights like this
- Subscribe to All Things Human Risk to get a monthly round up of our latest content
- Request a demo for a customized walkthrough of Hoxhunt
