Amazon Archives – Gridinsoft Blog
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Tue, 17 Sep 2024 13:11:26 +0000

Amazon Prime Day Scams and Fake Amazon Websites
https://gridinsoft.com/blogs/amazon-prime-day-scam/
Mon, 16 Sep 2024 09:31:33 +0000

The post Amazon Prime Day Scams and Fake Amazon Websites appeared first on Gridinsoft Blog.

Amazon Prime Day scams are fraudulent schemes that feed on the famous retailer's sale event. Such events are a significant moment for retailers, but they also give scammers an opportunity to take advantage of unsuspecting shoppers. Whole networks of scam pages that mimic Amazon are created, and in this article I will show what they are and how to avoid them.

Amazon Prime Day Scams

Prime Day takes place for two consecutive days every year. Shoppers are eager for Prime Day deals, but so are scammers, who aim at defrauding people for their own profit. A classic scam includes an email asking customers to verify their account, leading them to a fake Amazon website to steal their personal information.

[Figure: An example of a phishing email]

Experts say most phishing scams targeting Amazon customers rely on their lack of understanding of how the retailer communicates with individuals. Scott Knapp, Amazon’s Director of Worldwide Buyer Risk Prevention, stated that company representatives rarely contact shoppers directly or ask for order details. Nonetheless, there are plenty of other forms of fraud that you should be aware of.

Fake Amazon Websites

One of the frequent types of scams is fake websites that superficially resemble the original service or store. I have analyzed two typical examples of such sites, Amazonexal[.]com and Lainedmn[.]com (shut down at the moment). Both claim to be a branch of Amazon and offer items at heavily discounted prices. But obviously, there are no such branches of the company, and both sites tick every box on the scam checklist.

[Figure: Screen of fake Amazon website]

  • Websites’ age may vary, but the content almost always changes every 2-3 weeks. That is done to scatter the complaints and pretend that earlier trades related to the site never happened.
  • Both websites use content from amazon.com and the Amazon logo but they do not have any official affiliation with Amazon. That is, in fact, a huge red flag for any type of shopping site: lacking your own content puts in question the presence of offered goods in the first place.
  • None of the sites have reviews and feedback. Some of the pages have a “feedback section” that in fact consists of made-up comments built into the site, without the ability to add your own.
  • None of the sites have a social media presence besides victims’ complaints online. Even if there are visible buttons for Instagram, Twitter or Facebook pages, they are not active 99% of the time.
  • Both websites offer ridiculous discounts and elements that infuse a sense of urgency, so the user is constantly pushed towards making a purchase.

Fraud experts assert that in the past 30 days alone, 2,300 new website domains were registered impersonating Amazon. This is just the beginning, and the higher the price, the more fake sites will be created. These fraudulent sites also offer what appears to be a copy of a legit payment page. Most likely, these pages collect all the banking information one types in, so there is also a risk of bank account hijacking. Here is a list of the latest fake websites used in the scam:

  • Amazon-activity[.]com
  • Amazonexal[.]com
  • Amazon.com.billing-inquiry[.]com
  • Lainedmn[.]com
  • amazon-store[.]com

[Figure: Fake form to collect personal data]

Fake Gift Cards and Promo Codes

Another possible vector for Amazon Prime Day scams is fake gift cards and promo codes that promise significant discounts on anything you buy. While genuine Amazon gift cards and promo codes can be found on trustworthy websites, scammers may imitate such services, offering to sell you these gift cards or promo codes.

You can come across such a fraudulent deal while browsing sites and forums related to Amazon shopping. Once there, you will see gift cards for sale at 10-25% of their real value (i.e. $100-250 for a $1000 gift card). The thing is, the site owners don’t have any codes to share with you, and after receiving your payment they cut off all communication.

[Figure: Example of fake ads]

Another side of this scam is free gift card giveaways. They are in fact more of a constant theme than a seasonal occurrence. Fraudsters set up a landing page that offers users a free $500-$1000 gift card just for sharing their personal data. As you may already know, this data sharing goes one way only: no one sends back any free stuff.

How to report a scam

  • If you have been scammed, report it to Amazon support through their official website or phone number.
  • You should inform your bank as soon as possible. This increases their chances of stopping the fraudster.
  • Finally, report the scammers to the platform through which they contacted you.
  • If you’re concerned that your Amazon account may be at risk, the seller’s website has tips to help protect your information.

Tips for safe Prime Day shopping

We have some helpful tips to prevent falling victim to scams. It is better to follow them all rather than picking just one, as there is no universal solution.

  • Double-check domain names. If the website address does not start with “Amazon.com,” it could be fraudulent. This applies to other online retailers as well. Look for misspellings, extra punctuation, or anything unusual in the address.
  • Stick to Amazon’s official website, app, and stores for purchases. Amazon never asks for payment over the phone/email or through third-party sites.
  • It’s safer to enter retailer URLs manually rather than clicking on potentially harmful links. If you receive a suspicious message claiming that you ordered something, go to “amazon.com” and check your Amazon account’s “My Orders” section to confirm.
  • Use a strong password and enable two-factor authentication. Passwords should be long, unique, and random. Avoid reusing passwords across multiple accounts.
  • Treat limited-time Prime Day deals with caution. Offers requiring immediate purchase may be cybercriminal traps.
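
The domain check from the first tip, as an added example (not code from the Gridinsoft article): it compares the registrable domain rather than the start of the address, because one of the fake sites listed above itself begins with “Amazon.com”. The allow-list, the simplified two-label domain rule and the two misspelled hosts are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as official.
# Regional Amazon domains would have to be added to this allow-list.
OFFICIAL_DOMAINS = {"amazon.com"}
BRAND = "amazon"

# Digits commonly swapped in for letters in misspelled brand names.
DIGIT_SWAPS = str.maketrans("01", "ol")


def hostname(value):
    """Return the lowercase host of a URL or bare domain, undoing [.] defanging."""
    value = value.replace("[.]", ".").strip().lower()
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare domain as a host
    return (urlsplit(value).hostname or "").rstrip(".")


def registrable_domain(host):
    """Simplification: the last two labels. Production code should consult
    the Public Suffix List so that suffixes like co.uk are handled."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def mentions_brand(host):
    """True if any label contains the brand name or a near-misspelling of it."""
    for label in host.split("."):
        if BRAND in label:
            return True
        for token in label.split("-"):
            token = token.translate(DIGIT_SWAPS)
            if token == BRAND:
                return True
            if len(token) >= 5 and edit_distance(token, BRAND) <= 1:
                return True
    return False


def classify(value):
    """official  - registrable domain is on the allow-list
    lookalike - uses the brand name but is registered by someone else
    unrelated - nothing in the name ties it to the brand; the name alone
                cannot flag it, so content and payment-page checks still apply
    invalid   - no host could be parsed"""
    host = hostname(value)
    if not host:
        return "invalid"
    if registrable_domain(host) in OFFICIAL_DOMAINS:
        return "official"
    if mentions_brand(host):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://www.amazon.com/",           # genuine site
        "Amazon-activity[.]com",             # from the article's list
        "Amazonexal[.]com",                  # from the article's list
        "Amazon.com.billing-inquiry[.]com",  # from the article's list
        "Lainedmn[.]com",                    # from the article's list
        "amazon-store[.]com",                # from the article's list
        "amaz0n.com",                        # constructed misspelling
        "amazom.com",                        # constructed misspelling
    ]
    for sample in samples:
        print(f"{classify(sample):10} {sample}")
```

Lainedmn[.]com comes back as "unrelated": a name-based check cannot catch a fake store whose address never mentions the brand, which is why the other tips in this list still matter.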

Scammers don’t take breaks, and with Prime Day around the corner, it’s essential to remain vigilant against fraud. The tips we’ve provided can help safeguard you against online scams.

Top Amazon Scams to Avoid
https://gridinsoft.com/blogs/top-amazon-scams-to-avoid/
Tue, 14 May 2024 20:04:11 +0000

Because of its reliability, Amazon is a popular choice for both buyers and sellers. But fraudsters frequently turn to the eCommerce market to scam others. In addition, false threats expose new vulnerabilities daily. Consequently, taking measures to safeguard your business is crucial. This is because many scams target businesses every day. This is why we created a list of top Amazon scams that businesses face and ways to avoid them.

How Do Amazon Scams Work?

Scam artists use deceptive methods such as social engineering to trick people into falling for the Amazon scams they create. New scams are found every day, thanks to these fraudsters. They pretend to be actual representatives of Amazon to lure you with enticing offers you can’t refuse. They’ll ask for your credit card number, money, orde purchase from them.

Common Amazon Scams

1. Unauthorized Purchase Scam

Cybercriminals can abuse a customer’s account by fraudulently requesting expensive merchandise they don’t intend to purchase. They’ll often do this by using a phishing email or phone call. Crooks can ask customers to reveal their credit card information during a phone call or visit a phishing website. If customers comply, cybercriminals can drain their bank accounts through the sale.

[Figure: Amazon Scam: Unauthorized Purchase]

2. Fake Technical Support

Scammers are impersonating Amazon employees and contacting people claiming there’s a problem with their accounts or orders. This is to steal personal and financial information, take money from you or gain access to your computer. Messages arrive via phone calls, emails, texts, and even Messenger (Facebook). Regardless of the method of communication, the ultimate goal is to obtain consumers’ personal and financial information. Scammers have successfully obtained social security numbers, sensitive banking information, driver’s license numbers, credit card information, tax IDs, and other personal information. Amazon states that the company will occasionally contact its customers, but the company “will never request personal information via email, text messages, or phone calls”. Additionally, Amazon will never request payment outside of the website and will never request remote access to your device.

3. Malicious Links with Amazon impersonation

This method of data theft relies on the victim believing a scam email or text message is from Amazon. They’re instructed to click a link or open a message to address a technical issue with their account. However, the site behind the link is completely controlled by the crooks who send you the spam messages. Wherever you click or whatever you type will end up on their screens. Since such sites usually ask for login credentials, banking information or similar personal data, it is dangerous to share it with less-than-trustworthy actors.

4. Amazon Gift Card Scam

Gift cards are only accepted for purchases on Amazon. They can’t be used for any other brands or retailers. They can’t use them for any legitimate sale or transaction outside of Amazon. Additionally, you can’t use gift cards from other brands or retailers to make a payment on Amazon. Redeeming a gift card to your account must be done on Amazon’s website. Only use gift cards for other retailers and brands in their respective locations. You can utilize gift cards that include a card network brand (e.g., Visa, MasterCard, American Express, or Discover) at stores that accept these cards. However, please don’t give them directly to an individual for payment. Do not provide gift card information (such as the claim code) to someone you don’t know or trust. Always verify the identity of anyone requesting gift card information.

[Figure: Example of Fake Amazon Gift Card]

5. Amazon Payment Scams

Con artists often convince you to pay for their products outside Amazon’s secure payment system. They’ll offer discounts or incentives if you pay via PayPal or Western Union. However, paying them that way leaves them free to cheat you out of your item. Because the payment was made outside of Amazon’s platform, the buyer protection mechanisms won’t be helpful in these circumstances. Additionally, such merchants will likely delete their account after this event.

6. Prize Amazon Scam

This message appears as a notification to users that they have won a prize. However, to receive it, they must click on a link, which is in fact malicious. The website is controlled by scammers who will either steal your username and password or make you pay for a “prize” you’ll never receive. Crooks may also use a spoofed payment page, which means exposing your bank card details.

How To Identify Amazon Scams?

  • Check the email thoroughly. It is probably not genuine if it has grammatical errors, unclear terminology, or indications of machine translation.
  • Examine the tone of the message. A clear indication of a scam is a sense of urgency or desperation. Impersonal greetings (“Dear user” instead of mentioning your username) may be another marker.
  • Be cautious of emails you are not expecting. It is surprising to hear about the discount on an item you’ve never been interested in, ain’t it? Don’t be naive and review things through genuine websites.
  • Request to pay in a different payment method. Circumventing the Amazon payment mechanisms breaks the User Agreement, so both yours and the merchant’s account can be banned. More commonly, such a trick is a way to make the refund impossible.

How to report scams to Amazon

If you receive unsolicited communication from anyone claiming to represent Amazon, report it immediately. The most effective way to report the scam is through Amazon’s website:

  1. Log in to your Amazon account on the mobile app or official website.
  2. You can access Amazon’s official customer service site by visiting the following URL: Amazon’s Customer Service.
  3. Navigate to the “Help” menu options and select Security and Privacy > Report Something Suspicious.
  4. Choose from the options, depending on how you responded to the suspicious communication.
  5. Make your report include as much information as possible. Examine the letter to get the merchant’s name, address, and screenshots of the correspondence. Pics of your chat and its offers will work out as well.

How To Prevent Amazon Scams

1. Never send money outside of the Amazon payment systems.

Amazon provides a secure payment system to protect buyers and sellers during transactions. Always ensure that all payments for purchases are processed through Amazon’s official payment system. Avoid any request to send money via direct bank transfer, wire transfer, or any third-party service outside Amazon’s platform. These requests are typically signs of fraud, as they bypass Amazon’s safeguards and make it difficult to recover funds in case of a scam.

💡 Why it’s important:

  • Ensures buyer protection policies apply.
  • Prevents exposure to fraudulent schemes.
  • Facilitates easier tracking and dispute resolution through Amazon.

2. Avoid clicking on suspicious links. Log into your Amazon account by visiting their page or using the official app to check something.

Phishing attacks often use deceptive emails or messages containing links that appear to be from Amazon. These links may lead to fake websites designed to steal your login credentials or install malware. Instead of clicking on links from emails or messages, always manually enter “amazon.com” into your browser or use the official Amazon app to log in and check your account, orders, or any notifications.

💡 Why it’s important:

  • Protects your personal and financial information.
  • Avoids exposure to malware and phishing scams.
  • Ensures you interact with the genuine Amazon site.

3. Never divulge personal information or credentials to anyone who claims to be representing Amazon.

Amazon will never ask for sensitive information such as your password, Social Security number, or credit card details via phone, email, or text. Be cautious if someone contacts you claiming to be from Amazon and requests personal information. Do not provide any such details, as this could lead to identity theft or fraud.

💡 Why it’s important:

  • Prevents unauthorized access to your account.
  • Protects against identity theft and financial loss.
  • Ensures your personal data remains secure.

4. Call Amazon to verify if you observe anything questionable or unsure about someone acting as their representative over the phone.

If you receive a phone call, email, or any other communication from someone claiming to be from Amazon and you are uncertain about its legitimacy, do not respond or provide any information. Instead, contact Amazon directly using the customer service number listed on their official website to verify the authenticity of the communication. This step helps you confirm whether the contact is genuine and allows Amazon to take action if it is a scam.

💡 Why it’s important:

  • Provides direct confirmation from Amazon.
  • Helps in identifying and stopping fraudulent activities.
  • Ensures peace of mind by getting accurate information from a trusted source.

Amazon Email Phishing: How to Protect Yourself?
https://gridinsoft.com/blogs/amazon-phishing-email/
Mon, 24 Oct 2022 11:47:04 +0000

Amazon email phishing is yet another form of email fraud that feeds on the name of a legit company. As the company operates in different industries, hackers forge their messages to make them look realistic to a specific user. In this post, I will explain how to distinguish a fake email from a genuine one, and show how to avoid such tricky frauds altogether.

What are Amazon Phishing Emails?

Amazon phishing emails are exactly what they sound like. Those are email messages that try to mimic genuine notifications. Scam actors try to copy the original style of both background and text to make them look trustworthy. In rare cases, they will even establish an email address that mimics ones that are typically used by the company.

But what for? Well, as the company operates in different sectors, the hackers’ interests may range from stealing your money to gathering your sensitive info. The style of their emails changes correspondingly, so it is not that easy to describe all of the possible cases. Fortunately, there is a lineup of scam signs cybercriminals cannot get away from.

How to spot Amazon email phishing?

As I said, fraudsters try to copy the style of original messages. The methods are the same for a wide range of similar impersonation scams, and all of them share similar details. Let’s check each one out.

Suspicious topics.

Scammers will often send emails that claim to be from Amazon, saying that you have won a prize, that your payment details have expired, or that you need to update your account information. These scam emails are intended to dupe you into believing that you need to contact them back. Whenever you receive an email claiming this, it’s best to disregard it and report the incident to the company directly.

Unusual formatting, spelling, or grammar.

Amazon employs a team of writers to carefully compose their emails. So, any errors in grammar, spelling, or formatting should raise red flags. Additionally, people should be on the lookout for phishing attempts when looking for mistakes in their messages.

Emotional language.

Emails that threaten recipients with arrest or claim they’ve won a large sum of money are good indicators that a scammer is attempting to manipulate their emotions. People should always be wary of emails that say “act now” or “you won!”.

Unfamiliar email addresses.

Look at the sender’s address of any Amazon fraud emails to determine if the message is legitimate. The addresses may look similar to genuine ones if crooks are doing their best, but they still cannot use the original addresses. It is better to check past messages from the company or review their site to see the real emails they use.

[Figure: Fake Amazon delivery notice. Always check the sender’s address of any Amazon emails]

How to report an Amazon email scam?

You’re not alone if you’ve received a phishing email. Reporting Internet scams helps businesses prevent future attacks on you and others. While figuring out how to report cybercrime can be confusing, Amazon makes it easy. To report a phishing email to the company, go to the customer service page and follow the on-site instructions.

[Figure: Amazon’s customer service page]

How to protect yourself from Amazon scam emails

It’s important to keep a close watch on any emails that land in your inbox from suspicious senders. Be particularly wary of emails from people claiming to work for Amazon security, as they may be fakes. Additionally, pay attention to any unusual or flagrant red flags. Although it’s always best to proceed with caution when dealing with any security email about an Amazon account, these tips can help you even further.

Using anti-track software can help you detect unusual activity. This is because strong passwords and a good password manager can keep hackers out of your accounts.

1. Don’t call a phone number

In an Amazon phishing email, intruders sometimes include a phone number that you are asked to call. But don’t do that until you’ve verified the legitimacy of the letter. It is not worth calling such numbers for the following reasons: the connection may cost you a significant amount from your account, the intruders will learn your number, and you will become a target for vishing. Instead, call Amazon Support and see if they have sent such a message to your email.

2. Don’t reply to emails

Make it a rule not to answer every letter you get. Even a one-word reply matters: it confirms that your email address is active, after which scammers will send you even more Amazon phishing emails.

[Figure: Example of Amazon phishing email]

3. Don’t give out private information via email, phone, or text

When sharing personal information, always remember who it is shared with and for what purpose. Sophisticated Amazon spam that uses spear-phishing techniques can be particularly difficult to detect, so it’s best not to give anyone passwords, login credentials, or financial information over a phone call, text message, or email – even if the request appears legitimate.

4. Keep up with the news about the latest Amazon scam email

A recent Amazon phishing scam falsely alerted Amazon Prime customers to large purchases on their accounts. These Amazon Prime scam emails contain a fake “service number” that victims can call to resolve the issue. Once contacted, scammers attempt to obtain Prime account credentials.

Hackers are always coming up with new solutions to evade detection and deceive victims. Amazon email scams are no exception. Staying up to date will help you identify and defend against the latest threats.

A Former Amazon Employee Charged for Digital Fraud. Sentencing in September
https://gridinsoft.com/blogs/former-amazon-employee-fraud/
Tue, 21 Jun 2022 17:32:40 +0000

Paige Thompson Faces up to 20 Years for Wire Fraud

Paige Thompson, 36, a resident of Seattle, who worked as an engineer in Amazon Web Services, has been charged with seven felonies. She has been found guilty of five cases of unauthorized access to protected systems, damaging a protected computer, and wire fraud. For fraud alone, she faces up to 20 years in jail.

[Figure: Paige A. Thompson. Image: selfie from Twitter.]

US Attorney Nick Brown noted that Paige Thompson had used her hacking skills to steal the personal information of more than 100 million people and hack computer servers for cryptocurrency mining. She was nothing like an ethical hacker: her intrusions were never a tool for improving protection, which they could have been. She exploited vulnerabilities she knew about to collect sensitive data and use it for her own benefit.

Thompson was arrested in July 2019 after Capital One made a complaint to the FBI about a hack. Ms. Thompson created a tool to find incorrectly configured Amazon Web Services accounts. She managed to obtain data of more than 30 clients of the service, among them Capital One bank. Upon finding a victim, Thompson went on to steal personal data and install coin-mining malware. As a result, she collected data from over 100 million US clients of Capital One. Thompson even boasted about it on Internet chats and forums.

The court scheduled sentencing for September 15. Thompson faces up to 20 years for fraud and up to ten years altogether for two other charges: damage to a protected computer and unauthorized access.

Amazon Patch for Log4Shell allowed privilege escalation
https://gridinsoft.com/blogs/amazon-patch-for-log4shell/
Fri, 22 Apr 2022 20:09:30 +0000

Palo Alto Networks warns that a patch released by Amazon to protect AWS from high-profile issues in Apache Log4j, including the Log4Shell vulnerability, poses a threat to users.

The patch can be used to escape the container and escalate privileges, allowing an attacker to take control of the underlying host.

Let me remind you that in December last year, shortly after cybersecurity researchers raised the alarm about problems in Apache Log4j, Amazon released emergency patches that fix bugs in various environments, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate. The purpose of the hotpatches was to quickly fix vulnerabilities while system administrators transitioned their applications and services to a secure version of Log4j.

Let me also remind you that soon after the discovery of the vulnerabilities, real attacks exploiting Log4Shell were recorded. Moreover, the experts also found out that the Chinese hacking group Aquatic Panda exploits Log4Shell to hack educational institutions.

However, as Palo Alto Networks has now found out, the patches were not very successful and could, among other things, lead to the capture of other containers and client applications on the host.

“In addition to containers, unprivileged processes can use a patch to elevate privileges and execute code as root,” experts say.

The experts showed a video demonstrating an attack on the supply chain with the malicious container image and usage of an earlier patch. Similarly, compromised containers can be used to “escape” and take over the underlying host. Palo Alto Networks decided not to share details about this exploit yet, so that attackers could not use it.

“Any process executing a binary named java – inside or outside the container – is considered a candidate for a hotpatch. There, the malicious container could include a malicious binary named java to trick the installed hotpatch into calling it with elevated privileges,” the analysts say.

In the next step, elevated privileges could be used by a malicious java process to escape the container and take full control of the compromised server.

Users are advised to update to the corrected version of the hotpatch as soon as possible in order to prevent exploitation of related bugs.

Vulnerabilities in Amazon Kindle Allowed Taking Full Control of the Device
https://gridinsoft.com/blogs/vulnerabilities-in-amazon-kindle/
Fri, 06 Aug 2021 16:45:13 +0000

Check Point researchers reported that in April of this year, IT giant Amazon eliminated critical vulnerabilities in the Amazon Kindle. The problems could be used to gain full control over the device and to steal the Amazon device token and other confidential data stored on it.

For a successful attack on a Kindle, just one book with malicious code is enough.

The potential attack began by sending a malicious e-book to the user’s mail. After receiving such an attachment, the victim only had to open it, and this launched the exploit. No additional user permission or action was required.

“E-books could be used as Kindle malware with various consequences. For example, a hacker could delete all of the user’s e-books, as well as turn the Kindle into a bot and use it to attack other devices on the victim’s local network,” experts write.

Even worse, the discovered vulnerabilities allowed attackers to target a specific category of users. For example, to hack a specific group of people or demographic group, a hacker simply had to inject malicious code into a popular e-book in the corresponding language or dialect. As a result, attacks became highly targeted.

The root of the problem lay in the structure of the parsing framework, namely the implementation associated with PDF documents. The attacks were possible thanks to a heap overflow associated with the PDF rendering feature (CVE-2021-30354), which allowed arbitrary write permissions on the device, and a local privilege escalation vulnerability in the Kindle App Manager service (CVE-2021-30355), which allowed the two vulnerabilities to be combined into a chain to run malicious code with root privileges.

The researchers reported their findings to Amazon in February 2021, and already the April update of the Kindle firmware to version 5.13.5 contained a patch (the firmware is automatically installed on devices connected to the network).

We found vulnerabilities in the Kindle, and if hackers took advantage of them, they could take full control of the device. By sending an e-book with a malicious code to a Kindle user, a cybercriminal would be able to steal any information from the reader, from Amazon account details to payment information. Like other smart devices, the Kindle is often perceived as a harmless gadget that is not subject to security risks. However, our research shows that any device with network connectivity is, in fact, not much different from a computer. IoT devices are susceptible to the same types of attacks as smartphones. Any device connected to a PC, especially the popular Kindle, presents a cybersecurity risk, and users should be aware of this.said Yaniv Balmas, head of cybersecurity research at Check Point Software Technologies.

Let me remind you that Researcher Found Three Bugs Allowing Hacking Amazon Kindle also this February.

Operators of phishing campaigns increased number of emails allegedly from delivery services
https://gridinsoft.com/blogs/operators-of-phishing-campaigns-increased-number-of-emails-allegedly-from-delivery-services/ Wed, 02 Dec 2020 22:00:46 +0000

Check Point Research reports that in November, the number of phishing emails written on behalf of delivery services increased by 440% compared to October.

The sharpest growth was noted in Europe, with North America and the Asia-Pacific region in second and third places respectively in the number of phishing campaigns. Most often (in 56% of cases) fraudsters sent letters on behalf of DHL. In second place is Amazon (37%), in third – FedEx (7%).

“In Europe, the number of phishing emails in November increased by 401% compared to October. 77% of them were masked as various notifications from Amazon. In the US, scammers sent 427% more phishing messages than in October, and 65% of them were written on behalf of Amazon. And in the Asia-Pacific region, phishing attacks on behalf of delivery services grew by 185%, with almost 65% of emails using the DHL brand”, Check Point experts say.

Back in early November, the US Centers for Disease Control and Prevention warned of the dangers of shopping malls during the holidays and recommended shopping online. As a result, the volume of online shopping in the country continues to break all records. In the first ten days of November, the holiday season, Americans spent $21.7 billion on online purchases, a 21% increase over last year. Shoppers will spend $38 billion over the 2020 Thanksgiving holiday weekend, nearly doubling the amount that was spent during the same period in 2019, according to DC360.

However, it’s not just stores that are preparing for the online shopping boom: attackers are also mobilizing to cash in on the holiday hype. The number of phishing attacks has doubled recently.

Now, in addition to fake discount offers and links to store sites, attackers are increasingly sending phishing emails on behalf of delivery services.

“A well-thought-out scheme engages the entire online shopping system, from discount offers like Black Friday and Cyber Monday to order delivery. Its main goal is to trick people into disclosing their account and bank card details so that they can use them to steal money”, Check Point researchers warn.

Unlike ordinary phishing emails, with which scammers try to obtain personal data, online banking login details or card data, emails sent on behalf of delivery services contain various fake messages about problems or offers to track a package.

To solve the problem or to use the service, the user must provide personal data or bank card details. It is no coincidence that scammers started sending out such emails in November, experts say, since this is the month when many online shoppers are waiting for their purchases and pay more attention to messages from delivery services. In addition, many users are already aware of the old methods of fraudulent sales, and traditional “bargains” no longer bring criminals income.

Check Point Expert Tips for Safe Shopping:

  • Use unique logins and passwords for different sites. Do not go to a site through a link in an email that may turn out to be phishing; open it through a search engine instead.
  • Pay particular attention to the language and errors in emails and domain names: for example, attackers can use the .co extension instead of .com or make typos in the email itself.
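
The domain-name tip above can be automated for sender addresses. The Python sketch below is an added example, not Check Point's or Gridinsoft's code; the allowlist of official domains, the edit-distance thresholds and the sample headers are assumptions constructed for illustration, and the last two labels of a host are treated as its registrable domain.

```python
from email.utils import parseaddr

# Assumed allowlist: official domains of the brands named in the report.
BRANDS = ("dhl.com", "amazon.com", "fedex.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host: str) -> str:
    """Return official, tld-swap, typo, brand-embedded or unrelated."""
    host = host.lower().rstrip(".")
    if any(host == b or host.endswith("." + b) for b in BRANDS):
        return "official"
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    # Simplification: the last two labels are taken as the registrable domain.
    name, tld = labels[-2], labels[-1]
    for brand in BRANDS:
        bname, btld = brand.split(".")
        if name == bname and tld != btld:
            return "tld-swap"            # e.g. .co instead of .com
        # Allow one edit for short names, two for longer ones (assumed thresholds).
        if 0 < edit_distance(name, bname) <= (1 if len(bname) < 6 else 2):
            return "typo"
    # Brand name used as a subdomain or as part of another domain's name.
    if any(b.split(".")[0] in label for b in BRANDS for label in labels):
        return "brand-embedded"
    return "unrelated"

def check_sender(from_header: str) -> str:
    """Classify the domain of a From: header value."""
    address = parseaddr(from_header)[1]
    return classify(address.rpartition("@")[2])

if __name__ == "__main__":
    # Constructed sample headers, not taken from real campaigns.
    for sample in ("Amazon <ship@amazon.co>", "DHL <notice@dhl.com.parcel-check.example>",
                   "FedEx <track@fedx.com>", "Amazon <orders@www.amazon.com>"):
        print(f"{check_sender(sample):15} {sample}")
```

The typo and brand-embedded results are signals for review rather than verdicts, since unrelated legitimate domains can sit within one or two edits of a short brand name.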

Let me remind you also that cybercriminals started using Google services more often in phishing campaigns.

Vulnerabilities in Amazon Alexa opened access to user data for outsiders
https://gridinsoft.com/blogs/vulnerabilities-in-amazon-alexa-opened-access-to-user-data-for-outsiders/ Mon, 17 Aug 2020 16:23:03 +0000

In June this year, researchers from Check Point discovered a number of dangerous vulnerabilities that exposed the Amazon Alexa virtual assistant and its users to attacks.

The problem was in CORS and XSS bugs, which affected several Amazon subdomains, and in configuration issues.

By exploiting these bugs, attackers could gain access to personal data (usernames, phone numbers, home addresses, voice history) and perform various actions on behalf of victims (for example, delete and install Alexa skills).

“It took just one click on a link, specially created by an attacker, to successfully exploit [the problems]”, — write the researchers.

For a successful attack, the attacker needed only to create a malicious link that would direct the user to amazon.com and send it to the victim (somehow getting the user to click on it).

The researchers suggested using the vulnerable track.amazon.com for these purposes – this page is not associated with Alexa, but is used to track parcels from Amazon, and previously it could have been injected with malicious code.

Next, the attacker sent an Ajax request, with the user’s cookies, to amazon.com/app/secure/your-skills-page, which returned a list of the skills installed for this Alexa account.

The response to such a request also contained a CSRF token, which an attacker could use to remove one skill from the list. The attacker could then install his own malicious Alexa skill on the device in the same way. Replacing the removed skill with his own opened up many opportunities for the criminal, depending on the skills installed on the user’s device.

For example, it was possible to access the victim’s voice history, and then usernames, phone numbers, home addresses, banking data (Alexa does not record banking login credentials, but records other interactions).

“Smart speakers and virtual assistants seem so unremarkable that, at times, we lose sight of their role in managing a smart home, as well as how much personal data they store. For this reason, hackers view these applications as entry points into people’s lives, through which they can access personal data, eavesdrop on conversations and perform other malicious activities without the user’s knowledge”, — says Oded Vanunu, head of the vulnerabilities research department at Check Point Software Technologies.

Amazon engineers have already patched all the discovered vulnerabilities. Additionally, company representatives stated that they were not aware of any exploitation of these problems or disclosure of any information about customers.

We have talked many times about vulnerabilities in IoT devices, for example, the Kr00k problem that threatens devices with Qualcomm and MediaTek Wi-Fi chips. The Internet of Things is becoming a part of everyday life and it is full of new dangers.

Mandrake malware was hiding on Google Play for more than four years
https://gridinsoft.com/blogs/mandrake-malware-was-hiding-on-google-play-for-more-than-four-years/ Fri, 15 May 2020 16:57:11 +0000

Bitdefender experts found Mandrake spyware in the official Android app store, hiding on Google Play for four years (since 2016).

The malware established full control over infected devices, collected credentials and GPS data, made screen recordings, and so on.

At the same time, the malware carefully avoided infecting devices in countries such as Ukraine, Belarus, Kyrgyzstan and Uzbekistan, as well as in Africa and the Middle East.

Mandrake has a three-stage structure, which allowed its operators to avoid detection by Google Play security mechanisms for a long time. It all started with a harmless dropper placed in the official application catalog and disguised as a legitimate application, such as a horoscope or cryptocurrency converter.

When such an application was downloaded to the victim’s device, the dropper downloaded the bootloader from a remote server. At the same time, the dropper itself could turn on Wi-Fi remotely, collect information about the device, hide its presence from the victim and automatically install new applications.

The bootloader, in turn, was responsible for downloading and installing the Mandrake malware itself.

“The malware completely compromised the target device, gave itself administrator privileges (the request for rights was masked as a license agreement), after which it gained wide opportunities: forwarding all incoming SMS messages to the attackers’ server; sending messages; making calls; stealing information from the contact list; activating and tracking of the user’s location via GPS; stealing Facebook credentials and financial information and screen recording”, – report Bitdefender specialists.

Additionally, the malware carried out phishing attacks on Coinbase, Amazon, Gmail, Google Chrome, applications of various banks in Australia and Germany, the currency conversion service XE and PayPal.

Worse, Mandrake is able to reset the infected device to the factory settings in order to erase user data, as well as all traces of the malware’s activity. When the attackers had received all the information they needed from the victim, Mandrake went into “destruction mode” and erased itself from the device.

“We believe that the number of victims of Mandrake is tens or even hundreds of thousands, but we don’t know the exact number”, — writes Bitdefender expert Bogdan Botezatu.

The company’s researchers believe that for four years, all spyware attacks were coordinated by its operators manually and were not fully automated, as is usually the case. They also note that Mandrake was not spread by spam, and it seems that the attackers carefully selected all their victims.

Specialists were able to trace the Mandrake developer account on Google Play to a certain Russian-speaking freelancer hiding behind a network of fake company websites, stolen IDs and email addresses, as well as fake job ads in North America.

As it is Friday, I remind you that for eight years, the Cereals botnet existed for only one purpose: it downloaded anime.
