A new Amazon gift card scam is landing in inboxes – and it’s really not very Christmassy

A new Amazon gift card scam has emerged that seeks to capitalize on the increase in online shopping during the holiday period to infect victims with a banking trojan.

According to a report from security firm Cybereason, scammers are distributing a highly convincing phishing email that contains a document “weaponized with malicious macros”.

Dressed up with Amazon branding, the email claims to offer the recipient a free $100 voucher that they must download to activate. Once the victim has downloaded the file, they are redirected to a legitimate Amazon webpage, adding to the sense of legitimacy cultivated by the scammers.

The malware installed on the victim’s device is a fearsome banking trojan known as Dridex, designed to steal e-banking credentials and other sensitive data. Operated by the notorious cybercrime syndicate Evil Corp, the trojan has been active in various forms since 2012.

In this particular case, the operators use three different delivery methods to infect users with the Dridex trojan: infected Word documents, self-extracting screensaver files and VBScript files. This level of variety maximises the chance of bypassing email security tools that may filter for specific file extensions.
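Because a filter keyed on file extensions can be sidestepped by switching attachment type, a mail gateway can classify attachments by content instead. The sketch below is an added example, not code from the Cybereason report; the marker heuristics, labels and sample file names are assumptions chosen to cover the three attachment types named above.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls container header
VBA_DIR = "_VBA_PROJECT".encode("utf-16-le")    # macro storage name inside OLE files
VBS_HINTS = (b"createobject(", b"wscript.shell", b"execute(")  # heuristic, assumed


def classify(data: bytes) -> list[str]:
    """Return reasons to quarantine an attachment; an empty list means no finding.

    The file name is deliberately ignored: only the content is inspected.
    """
    reasons = []
    if data[:2] == b"MZ":
        # .scr screensavers are ordinary Windows executables under another name.
        reasons.append("windows-executable")
    elif data.startswith(OLE_MAGIC):
        if VBA_DIR in data:
            reasons.append("office-macro")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        # Modern Office files are ZIP archives; macros live in vbaProject.bin.
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                reasons.append("office-macro")
    elif any(hint in data.lower() for hint in VBS_HINTS):
        reasons.append("script")
    return reasons


def _zip(members: dict) -> bytes:
    """Build an in-memory ZIP (constructed test data, not real documents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples: harmless stand-ins carrying only the markers checked above.
SAMPLES = {
    "gift_card.scr": b"MZ" + b"\x00" * 62,
    "voucher.docx": _zip({"word/document.xml": "<w/>", "word/vbaProject.bin": "x"}),
    "voucher.txt": b'Set s = CreateObject("Scripting.Dictionary")\r\n',
    "invoice.docx": _zip({"word/document.xml": "<w/>"}),
    "readme.txt": b"Thank you for your order.\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:15} {classify(blob) or 'no finding'}")
```

The macro-bearing sample is named `voucher.docx` and the script sample `voucher.txt` to show that neither would be stopped by a block list of `.docm`, `.scr` or `.vbs` extensions.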

Amazon gift card scam

This is not the first time fraudsters have attempted to take advantage of consumer trust in reputable brands such as Amazon, of course, but the increase in e-commerce activity as a result of the pandemic has only added fuel to the fire.

“Consumers have lengthy been a favored target for cybercriminals, and the sharply improved volume of on the web procuring spurred by the Covid-19 pandemic has manufactured customer-targeted assaults perhaps even a lot more eye-catching,” explained Daniel Frank, researcher at Cybereason.

“Adding to the expanding attractiveness of on the web procuring and the inherent pitfalls is the truth that Dridex is regarded to be takedown resistant to some degree, and the truth that there are numerous other destructive malware variants out there.”

According to Frank, it is up to all of us to remain alert to social engineering scams and interrogate any emails that seem too good to be true.

Broadly speaking, it is important to scrutinize emails for abnormalities that may identify a scam (e.g. spelling and grammar mistakes) and cross-check landing page URLs with known addresses before entering account or payment details.

Businesses, for their part, should ensure employees undergo appropriate security training and back this up with rigorous email filters, antivirus software and advanced identity management solutions.