NEWS FROM THE LAB - Sunday, December 11, 2005

Fishing on the amazon

Posted by Mikko @ 21:00 GMT

Almost any online shop can be a target of phishing scams. Amazon.com, being one of the largest online shops in the world, is a popular target.

Here's a recent example. Somebody sent out a fairly large mailing of "Order enquiry" emails from "support@amazon.com", directing people to a fake Amazon.com lookalike site hosted in South Korea:


But this site is not just about stealing your Amazon username and password. Once you "log in", you get a new page, asking you to update your credit card information:


Here's a nice detail: see the "DFFDFD'S STORE" button above? The hacker was logged into the real Amazon.com with that user account when he stole the graphics.

Next you might notice that the site is also asking for your credit card PIN number. Funny that, I don't remember Amazon asking for this before...let's see the details.


Oh, it's for security. To fight identity theft and credit card fraud. Great.