The increase in ‘Online’ purchases during the pandemic has not gone unnoticed for cybercriminals, who have deployed a new identity impersonation campaign of digital shops such as Amazon and logistics companies for bank card theft.

The ESET cybersecurity company has detected a new campaign where cybercriminals try to deceive their victims through emails in which they indicate that they have been selected to receive a high-end award until several types
of appliances.

These emails show a great resemblance with those used in Amazon’s official communications, being “practically identical” both corporate colors and buttons used.
“It is very easy to confuse this email by a legitimate one,” he warns from ESET in a statement.

If the victim clicks on one of the links provided in the mail will be redirected to a website whose domain has nothing to do with the Amazon, but it saves a design similar to that of this company.
On this website, you will be asked to fill in a simple survey.

After answering these questions, the victim will access a web in which three of the supposed gifts available, including a ‘Smartphone’ Android, an iPhone and a high-end vacuum cleaner, with the corresponding button to add it to the basket
.

However, when processed the order, the victim is redirected to another website that has no relationship with Amazon, where they request a series of personal data, including the name, surname, phone address, phone and email.

Once the previous fields are filled out, the scammers request the data by which they are actually interested, those corresponding to the bank card, to supplant the identity of the victim and make payments on his behalf.

The Director of Research and awareness at ESET Spain, Josep Albors, has pointed out that “despite being a known and ancient technique, criminals continue to get new victims with this type of campaign.”

For this reason, they understand that “it is very important to be alert to this type of actions and avoid following links embedded in unsolicited emails, being preferable to go to the official website to confirm or deny possible scams.”