A wave of particularly sophisticated fraudulent emails is currently targeting subscribers of Free, the French ISP. The scam impersonates Amazon Prime, one of the American online retail giant's flagship services, and relies on a particularly unsettling technique: the messages contain the victims' real bank details (IBAN), which makes the phishing attempt far more convincing.
Data stolen in a previous cyberattack
These fraud attempts rely on data stolen during the massive data breach suffered by Free at the end of last year. The highly publicized cyberattack exposed the personal data of nearly 19 million customers, including 5.1 million IBANs. Since then, cybercriminals have been using this valuable information to run targeted, personalized scams.
The scheme is simple but effective. Victims receive an email purportedly from Amazon Prime, informing them that they have subscribed to an "Amazon Prime Family" service billed at €480 per year. No such service exists, but the emails are particularly convincing because they contain the victim's own IBAN, along with their full name and postal address.
To create a sense of urgency, the scammers state that the charge will be taken in the coming days. A prominent "Cancel Subscription" button invites recipients to click to avoid the fake charge. The link actually redirects to a fraudulent website whose interface mimics the official Amazon site and which is designed to harvest further personal or banking information: the victim is asked to enter contact details, including date of birth and telephone number.
For several weeks a variant of the scam has been circulating that no longer necessarily mentions the €480 figure. The process, however, is the same, and it still pushes the user to enter personal data and banking details.
How to recognize and protect yourself from this scam
This type of scam is not new, and several clues give away a phishing attempt. If you did not initiate anything yourself, the first thing to do when faced with an email announcing the activation of a service is... nothing. Do not click on any element of the email, even if it displays your full name or a large sum.
- The first reflex is to check the sender's address, which will usually have no connection to the official domain. In this campaign, emails were sent from addresses such as "[emailprotected]", "[emailprotected]" or "[emailprotected]". None of these domain names belong to Amazon.
- Next, check the body of the email, which may contain spelling or formatting errors. If you have already clicked on the suspicious link, take the time to check the domain name in the address bar and the page itself. "Fake" sites are generally limited to a single page that urges you to enter your login credentials. Amazon's official websites are amazon.fr and primevideo.com.
- Don't hesitate to visit an official help page via a search engine to find out about the service's existence. While Amazon Prime or Prime Video actually exist, Amazon Prime Family does not.
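The checks listed above (sender domain, link destination, mention of a service that does not exist) can be applied mechanically to a suspicious message. The script below is an added example, not code from the original article: it parses a constructed sample email (the sender and link domains are placeholders, not the real addresses used in the campaign), compares the domains against Amazon's official sites (amazon.fr and primevideo.com from the article, plus amazon.com as an assumption), and reports anything that does not match. Note the link host, which starts with "amazon.fr." but actually belongs to another domain entirely; a suffix comparison on the host catches this common trick.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Official domains: amazon.fr and primevideo.com are named in the article;
# amazon.com is an added assumption.
OFFICIAL_DOMAINS = {"amazon.fr", "primevideo.com", "amazon.com"}

# Constructed sample message for illustration only. The sender address, link
# and names below are placeholders, NOT the real addresses of the campaign.
SAMPLE_EML = """\
From: "Amazon Prime" <no-reply@prime-family-billing.example>
To: victim@example.net
Subject: Your Amazon Prime Family subscription (480 EUR/year)
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello Jean Dupont, your Amazon Prime Family subscription will be charged
in the coming days to IBAN FR76 **** **** **** 1234.</p>
<a href="https://amazon.fr.secure-cancel.example/cancel">Cancel Subscription</a>
</body></html>
"""


def is_official_host(host):
    """True if host is an official domain or a subdomain of one.

    Comparing on a dot-separated suffix means "www.amazon.fr" passes while
    "amazon.fr.secure-cancel.example" (official name used as a prefix) fails.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def sender_domain(msg):
    """Domain of the address in the From header (display name is ignored)."""
    _, addr = parseaddr(msg["From"] or "")
    return addr.rpartition("@")[2].lower()


def link_hosts(html):
    """Hostnames of every href found in an HTML body."""
    hrefs = re.findall(r'href=["\']([^"\']+)["\']', html, re.IGNORECASE)
    return [urlparse(h).hostname or "" for h in hrefs]


def analyse(raw_message):
    """Return a list of findings for a raw RFC 822 message (empty if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    dom = sender_domain(msg)
    if not is_official_host(dom):
        findings.append(f"sender domain '{dom}' is not an Amazon domain")

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""

    for host in link_hosts(content):
        if not is_official_host(host):
            findings.append(f"link points to '{host}', not an Amazon domain")

    # The article notes that "Amazon Prime Family" does not exist as a service.
    if "amazon prime family" in content.lower():
        findings.append("mentions 'Amazon Prime Family', a service that does not exist")

    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EML):
        print("-", finding)
```

Run as-is, the script reports three findings for the sample: the sender domain, the link host and the non-existent service name. The same `analyse` function can be pointed at a real message saved as an .eml file.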
More generally, do not click on links in an email if you have the slightest doubt. It is always safer to go through the official website or app to find out more. It is also recommended to report such attempts on the official 17Cyber platform or directly to Amazon.