Phishing Scam Impersonates Amazon Web Services to Steal User Credentials
Phishing scams that impersonate legitimate, large-scale organizations are on the rise, and one of the latest targets is Amazon Web Services (AWS). If you receive an email from AWS with an attached zip file, do not download it. The phishing scam in question poses as a notice that your AWS account will be cancelled if you don’t take action immediately. The purpose of this scam, however, is to trick you into providing your AWS credentials by clicking the link within the email.
What is phishing?
Phishing is a type of online fraud in which scammers attempt to trick victims into providing sensitive information, such as passwords or credit card numbers. The scammer may impersonate a trusted brand or company, such as Amazon, in order to gain the victim’s trust. In this case, the phisher may create a fake email or website that looks like it is from Amazon Web Services (AWS). The victim may then be asked to provide their AWS login credentials, which the scammer can use to gain access to the victim’s account and steal sensitive data. Phishing attacks can be difficult to spot, but there are some things you can look for, such as misspellings in the email or website address, or unexpected requests for personal information.
Who is at risk?
If you use Amazon Web Services (AWS), you may be at risk for a phishing attack. In this type of attack, scammers create a fake AWS login page in order to steal your user credentials. This is a serious problem because it can give the attacker access to your AWS account and all of the resources that are associated with it. These could include S3 buckets, EC2 instances, and RDS databases. The attackers could then have access to sensitive data or disrupt service by deleting files or deleting databases.
How does this scam work?
The scam works by sending an email that appears to be from Amazon Web Services (AWS), asking the recipient to click a link and enter their login credentials. Once the victim enters their credentials, the attacker then has access to their account. The scam is easy to spot if you know what the sender’s email address should look like, but many people don’t realize this. Protect yourself by going directly to Amazon’s website or phone number and typing in your information there.
How can I avoid phishing scams?
There are a few things you can do to avoid phishing scams:
- Be suspicious of unsolicited emails, even if they seem to be from a trusted source. If you weren’t expecting an email from someone, don’t click on any links or attachments.
- Don’t enter your login information on any website that doesn’t have a secure connection (https://). You can check for the secure connection by looking for a lock icon next to the website’s URL.
What should I do if I am impacted by this scam?
If you think you may have been a victim of this phishing scam, there are a few things you should do:
- Change your Amazon Web Services password immediately.
- Enable two-factor authentication for your Amazon account.
- Check your credit card statements for any unauthorized charges.
- Monitor your account for any suspicious activity.
- If you think your personal information has been compromised, file a report with the Federal Trade Commission (FTC).
Additional resources
If you receive an email that looks like it’s from Amazon Web Services (AWS), beware! There’s a new phishing scam going around that’s designed to steal your login credentials. The scam is in the form of an email from Amazon Web Services and is written with terrible grammar. When clicked, the link in the message takes users to a fake site which asks for their username and password. It then emails the stolen information back to hackers. They can then use these credentials to access other accounts on that user’s computer or phone. You should never click on links in suspicious emails or provide any sensitive information about yourself over email, even if it appears to be coming from someone you know.
