A new Amazon gift card scam is landing in inboxes – and it’s really not very Christmassy

A new Amazon gift card scam has emerged that seeks to capitalize on the rise in on the net paying for the duration of the holiday break period to infect victims with a banking trojan.

According to a report from stability business Cybereason, scammers are distributing a highly convincing phishing electronic mail that consists of a doc “weaponized with destructive macros”.

Dressed up with Amazon branding, the electronic mail claims to provide the recipient a free $a hundred voucher that they must obtain to activate. As soon as the target has downloaded the file, they are redirected to a legitimate Amazon webpage, including to the feeling of legitimacy cultivated by the scammers.

The malware put in on the victim’s product is a fearsome banking trojan acknowledged as Dridex, created to steal e-banking credentials and other sensitive facts. Operated by notorious cybercrime syndicate Evil Corp, the trojan has been energetic in many diverse varieties due to the fact 2012.

In this certain occasion, the operators use 3 distinct delivery procedures to infect end users with the Dridex trojan: contaminated Phrase files, self-extractive screensaver files and VBScript files. This amount of range maximises the opportunity to bypass electronic mail stability resources that may possibly filter for selected file extensions.

Amazon gift card scam

This is not the to start with time fraudsters have tried to consider gain of customer have confidence in in reliable manufacturers these types of as Amazon, of study course, but the rise in e-commerce action as a final result of the pandemic has only added fuel to the hearth.

“Consumers have long been a favored goal for cybercriminals, and the sharply greater volume of on the net shopping spurred by the Covid-19 pandemic have created customer-concentrated attacks most likely even a lot more eye-catching,” defined Daniel Frank, researcher at Cybereason.

“Adding to the developing recognition of on the net shopping and the inherent hazards is the fact that Dridex is acknowledged to be takedown resistant to some degree, and the fact that there are many other damaging malware variants out there.”

According to Frank, it is up to all of us to remain notify to social engineering cons and interrogate any email messages that seem far too excellent to be true.

Broadly talking, it’s important to scrutinize email messages for abnormalities that may possibly establish a scam (e.g. spelling and grammar mistakes) and cross-check landing website page URLs with acknowledged addresses right before moving into account or payment facts.

Corporations, for their aspect, should really make sure workforce undertake proper stability education and back again this up with rigorous electronic mail filters, antivirus software program and complex id management remedies.