Cybercriminals’ strategies are constantly improving, and a recent phishing attempt on Amazon users exemplifies their unique approach. Hackers are now using Google Drawings as part of a complex three-step phishing attack to fool victims and collect personal data.
Deceptive Email: The attack begins with a fairly valid email that purports to be from Amazon. This email frequently has an enticing subject line, such as “Important Account Update” or “Security Alert.” It employs recognized branding and language to instill a sense of urgency, urging recipients to take urgent action.
Google Drawings Exploit: When the user opens the link provided in the email, they are taken to a Google Drawings document. At first sight, the document appears to be a normal file, but it contains a hidden hyperlink or embedded script. This false page is designed to resemble an Amazon login page, gathering user credentials as they are input. Google Drawings is an uncommon target for such assaults because it does not typically elicit quick suspicion from consumers.
Credential Harvesting: After the user enters their credentials, the phishing site sends the sensitive information to the attackers. The hackers then use the stolen credentials to get illegal access to the victim’s Amazon account, which could result in additional exploitation or financial loss.
Protective Measures
To avoid such assaults, users should be wary of unsolicited emails and check the veracity of links before clicking. Ensuring website security and utilizing multi-factor authentication can provide additional layers of defence against phishing attacks. To summarize, this new phishing scam emphasizes the importance of remaining vigilant and aware of developing cyber risks. Understanding and recognizing these strategies allows users to better protect themselves from such sophisticated attacks.
