Beware phishing scams in Amazon listings

Share on Twitter
Share on Google+
Share on LinkedIn
Share on Reddit
Be careful what you click: There’s a new phishing scam hitting Amazon listings that look like legitimate deals, offering great prices on “used – like new” electronics.
If you click these links on Amazon, you’ll be redirected to a very convincing Amazon-looking payment site, where the phishy merchant will grab your money and run.
信息安全管理不到位,不仅仅是因为管理制度没有得到很好的执行,重要的是人们没有正确认识到信息安全对组织和个人的重要性。
In the case of this scam, the phishy merchant—known as Sc-Elegance—has been a thorn in Amazon’s side for quite a while. According to Comparitech security researcher (and Naked Security Alumnus) Lee Munson, Sc-Elegance has been reported to Amazon several times, only to slink away and hide until popping back up again later.
Sophos Home
Free home computer security software for all the family
Learn More
How the phish works
成功的信息安全意识教育计划是给用户亲身体验机会
After adding the super-discounted electronics to your cart, if you try to check out with your items, you’ll be told that the item — suddenly! — is no longer available.
The merchant will then contact you by email, claiming that it was all some kind of mistake and that the item is still available conveniently at a rather Amazon-esque link in their email. But that link, as you might suspect, is a fake, created to look like a legitimate Amazon payment site.
Fake payment sites, including those created by Sc-Elegance, can be quite sophisticated and could fool an unsuspecting buyer easily:
That said, there are a few giveaways that a savvy buyer can identify.
Most importantly: These sites exist outside of the official Amazon.com domain or app—a huge red flag. Additionally, in the case of the example above, the crooks have added some tell-tale typos (“add or confirme”), though not every phishing scammer will be so sloppy.
How to protect yourself
Over the years we’ve seen phishing scams imitating every retailer and organization imaginable, from iTunes to Bitcoin. The phishing campaigns keep coming because spotting fake sites and emails is difficult if you aren’t on your guard.

If you’re using Amazon keep these tips in mind:
Trust your gut and be on guard: If that deal is too good to be true, it likely is
Don’t pay for anything on Amazon outside of Amazon.com or the official Amazon app
If you’re in doubt about a deal by an “affiliated retailer” ask Amazon’s official customer service
For more on how to avoid phishing attacks read Don’t fall for phishing and spear-phishing.
门户网站出现有毒链接的可能性也是有的,所以不能迷信基于网站安全信誉的评估机制,基础的安全技术防范如客户端防病毒还是必需的:

猜您喜欢

商业银行开始应用区块链技术了 哪些上市公司值得关注?
强化网络安全意识宣传网络信息安全重要性
网络信息安全小调
嘉实集团与上海青客公司强强联手
COMPTEUR-BLOG MVPHEALTHINSURANCE
信息安全,技能还是认知?