It’s the holiday season, and with it comes a multitude of hackers trying to cash in on everyone’s online purchases. These phishing scams always increase when the holiday season comes around, so it’s best to stay vigilant so that you don’t give yourself the gift of sadness this year. One such threat is already here, and it’s voice spoofing of Amazon orders.
In this case, an email scam is circulating which encourages users to call a number listed to confirm an order, usually one with a large price. This nasty trick is intended to harvest phone numbers and credit card numbers for later exploitation. Security researchers Avanan have found that the contact number listed on the email is not Amazon; it is instead a scammer who records the phone number with Caller ID. Afterwards, the user will be contacted by the scammer, who requests that the user provide financial information in order to cancel the order.
We think enough people are familiar with Amazon now to determine that there are several red flags with this scenario. First of all, you know how to cancel an Amazon order; just log into your account and do it from there. Second, if you placed an order with Amazon, why would you have to reconfirm your financial information when it is already on file? It just doesn’t make sense, and that’s the point we are trying to make. A lot of these issues can be resolved simply by slowing down, taking a step back, and not rushing to conclusions or to resolve a problem that does not exist.
Scams involving online retailers are nothing new, but this particular scam is notable because the emails that get sent out are able to make it past spam blockers and content filters. It does this by including legitimate links within the body of the email, meaning that your email solution doesn’t necessarily flag it immediately.
We offer the following advice to you:
- Don’t call numbers you don’t recognize.
- Don’t click on suspicious links in your email inbox.
- Don’t give out your personal information or credit card information just because someone on the phone told you to.
- Check the sender for any message you feel is suspicious to ensure it is legitimate.
- Check your account before responding to any correspondence from the sender.
- Set up multi-factor authentication, just in case.
Stay safe this holiday season with Horne & Benik. We can help your business stay secure through advanced industry-standard security solutions designed to protect your organization. To learn more, reach out to us at (603) 499-4400.