A new Amazon gift card scam has emerged that seeks to capitalize on the rise in online spending during the holiday season to infect victims with a banking trojan.
According to a report from security firm Cybereason, scammers are distributing a highly convincing phishing email that contains a document “weaponized with malicious macros”.
Dressed up with Amazon branding, the email claims to offer the recipient a free $100 voucher that they must download to activate. Once the victim has downloaded the file, they are redirected to a legitimate Amazon webpage, adding to the sense of legitimacy cultivated by the scammers.
The malware installed on the victim’s device is a fearsome banking trojan known as Dridex, designed to steal e-banking credentials and other sensitive information. Operated by notorious cybercrime syndicate Evil Corp, the trojan has been active in various different forms since 2012.
In this particular instance, the operators use three distinct delivery methods to infect users with the Dridex trojan: infected Word documents, self-extractive screensaver files and VBScript files. This level of variety maximises the opportunity to bypass email security tools that might filter for certain file extensions.
Amazon gift card scam
This is not the first time fraudsters have attempted to take advantage of consumer trust in reputable brands such as Amazon, of course, but the rise in e-commerce activity as a result of the pandemic has only added fuel to the fire.
“Consumers have long been a favored target for cybercriminals, and the sharply increased volume of online shopping spurred by the Covid-19 pandemic have made consumer-focused attacks potentially even more attractive,” explained Daniel Frank, researcher at Cybereason.
“Adding to the growing popularity of online shopping and the inherent risks is the fact that Dridex is known to be takedown resistant to some degree, and the fact that there are many other destructive malware variants out there.”
According to Frank, it is up to all of us to remain alert to social engineering scams and interrogate any emails that seem too good to be true.
Broadly speaking, it’s important to scrutinize emails for abnormalities that might identify a scam (e.g. spelling and grammar mistakes) and cross-check landing page URLs with known addresses before entering account or payment information.
Businesses, for their part, should ensure employees undertake appropriate security training and back this up with strict email filters, antivirus software and sophisticated identity management solutions.