Black Friday Themed Amazon Voucher Scam
The Websense® ThreatSeeker® Intelligence Cloud has detected Amazon voucher scams using Black Friday Gift Card themes as a lure. We have observed a surge of over 20,000 spam emails with the subject of "Amazon Black Friday Gift Card #XXXXXXXXX" since Thursday 20th November (where "X" signifies the use of random digits in the email subject).
As Thanksgiving Day is just around the corner, the shopping season is also here, and it appears that cybercriminals are going to take full advantage of this chance to spread spam scams and increase their illegal revenues, utilizing well-known, and trusted, brands such as Amazon.
- When a user clicks on "Activate My Amazon.com Rewards", it will redirect them to a survey page which advertises a reward for filling out the survey.
- Users are encouraged to submit their personal information.
- The pages were designed to serve different language versions according to the victim's geographical location.
- Stage 2 (Lure) - ACE has detection for the email lures & the URLs used in these lures.
- Stage 3 (Redirect) - ACE has detection for the redirect pattern that occurs if a user visits one of these URLs, and for the survey scam pages themselves.
One email sample with this Amazon theme:
The links in this email campaign have a common pattern:
After the victim completes the survey steps, it finally asks them to select a reward. However, you have to fill out personal information in order to do so. Obviously there is no free voucher at all, and the survey here blatantly engages in illegal methods to advertise and generate traffic to a web site that earns the cybercriminal money.
Thus, this is the true nature of the scam. The aim of the lure is to generate revenue as part of a Cost Per Action (CPA) lead scam. This a technique that we have been tracking for some time, as our previous blogs show.
CPA style scams that leverage the reputation of popular companies like Amazon and use topical themes to fool their victims remain common amongst cybercriminals, providing a quick and easy way for them to generate revenue. While these campaigns are usually not malicious by nature they pose a significant risk to users who may give out personal information, making them a more viable target for future attacks.