Phishing Amazon on Signal, the scam returns that gives an iPhone and steals bank data

Time: 11/Nov By: kenglenn 661 Views

Our servants with premiumwhiteparpentventiTiTiTiTiCanicybersecurity nationalware and attack and adequerment of corporately culture cyberl'speredoNews Analysisci we are technical analysis and HackerCondividi attacks this article this article this article

A new Phishing Amazon campaign is once again targeting Signal users: a chat message anticipates the winning of an iPhone 12 Pro, but it is obviously a scam to steal personal and bank data.Here are the details and advice to defend yourself

22 Mar 2021Paolo TarsitanoEditor Cybersecurity360.it

The Phishing campaign addressed to Signal users who uses the Amazon brand to induce them to open a chat message that informs them of being among the lucky winners of an iPhone 12 Pro's winners is active these days.

As in the previous campaign detected last February, also in this case the Phishing message is sent by Vietnamese numbers (with international prefix +84).

The link indicated in the text, of course, is not used to request the award as indicated in the message: clicking on it, the user is redirected to a malicious site in order to subtract his bank data.

After the scam via SMS Amazon, therefore, the criminal hackers now take advantage of the recent popularity of Signal, the most sure WhatsApp alternative that there is, to attract their victims into the trap.

Indice degli argomenti

How the Phishing Amazon scam works on Signal

Also this new Phishing Amazon campaign on Signal confirms that the scam of the fake message used as bait is well -designed: in the message, in fact, the Amazon logo appears on display and the text of the chat is written in an almost perfect Italian.

WEBINAR27 Gennaio 2022 - 15:00PIPL, tra privacy e cyber security: quello che devi sapere sulla normativa cineseLegalSicurezzaIscriviti al Webinar

These two details are enough to ensure that the victim does not notice the origin of the message from a foreign number (Vietnamese, to be exact, as the international prefix begins with +84).

Phishing Amazon su Signal, torna la truffa che regala un iPhone e ruba dati bancari

Even the link to connect to to receive the iPhone 12 Pro as a gift should trigger another alarm bell in the victim: the Brandschix domain [.] Space, in fact, in addition to being obviously suspicious, does not belong to Amazon.

By connecting to the indicated link, the victim is redirected to the MeviewPport site [.] com on which an identical web page is loaded in all respects to those for online purchases on Amazon.

To make the trap more effective, the page is structured to provide useful information for the alleged winning of the iPhone 12 Pro together with fake reviews of other obviously non -existent users who serve to give credibility to the site.

The fake form technique to be completed to steal personal data

As always happens in the phishing campaigns, moreover, the victim is invited to participate in a short survey by filling in a special form: it is an trick used by the criminal hackers to induce the unaware victim to communicate other personal data such as age,the address and number of members of the family unit.All data that can be used later for other malicious campaigns and targeted phishing.

Also completed this phase of the fake registration process necessary to receive the iPhone 12 Pro as a gift, a popup window confirms the winning of the device.

The payment of shipping costs is also required

Taken by the euphoria, however, the victim does not notice that the prize has become a sudden an iPhone 11 Pro and instinctively also accepts the three "rules" for participating in the-scratch game, including the payment of the expenses ofshipping that may vary between 1 and 3 euros.

Tapping on the OK button, the victim is then redirected on two other malicious domains (HTWO.Betomb [.] com and chancetowinaprize [.] com) which host the web pages created by the criminal hackers to subtract its bank data.

How to defend yourself from Phishing Amazon on Signal

It is good to underline that all instant messaging apps, regardless of the safety protocols used to encrypt chat messages, are potentially exposed to Phishing -type attacks: recently, another scam aimed at the theft of bank data has affected WhatsApp users.

According to Pierluigi Paganini, Cyber Security Analyst: “The campaign in question has no distinctive elements in terms of complexity, but highlights how the IT crime tries to maximize its efforts using new vectors for its campaigns and abusing brands known to deceive the victims".

"Signal, like other Instant Messaging platforms", continues the analyst, "is an ideal carrier to reach the unsuspecting users who could have compromised their device simply by clicking on a link and giving rise to a process of infection.In the specific case, the victims towards pages created ad hoc to induce victims to provide their bank data "are directed".

"Signal's choice", is Paganini's hypothesis, "could also be motivated by the popular popularity of the application in recent weeks.Millions of users have chosen the app instead of WhatsApp for privacy reasons and the computer crime has shown himself ready to exploit this opportunity ".

“For this reason it is important to spread knowledge on these attacks and help users to identify fraudulent campaigns like this.As usual, it is a good rule that you never open attachments or click links that arrive through untimely messages through various means (e-mails, social networks, instant messaging apps etc..) ".

How to block suspicious users on Signal

In the particular case of Phishing Amazon on Signal, you can also block telephone numbers and suspicious users.To do this, simply follow the following procedure:

  1. Avviare Signal sul proprio telefono.
  2. Aprire una chat con il contatto o il numero di telefono da bloccare.
  3. Toccare l’intestazione della chat con il nome del gruppo o il nome/numero del contatto.
  4. Scegliere Blocca, Blocca questo utente, Blocca questo gruppo.
  5. Confermare selezionando Blocca.
  6. Scegli OK.

Returning to the chat, the buttons to cancel (delete) or unlock (unlock) will be shown below.

Article published on February 12, 2021 and updated with the evidence of the new Phishing Amazon campaign on Signal

WHITEPAPERCertificazioni GDPR: tutti i vantaggi per le organizzazioni che vi aderisconoLegalPrivacyScarica il White PaperScarica il Whitepaper@RIPRODUZIONE RISERVATAPersonaggiPPaolo TarsitanoArgomentiAAmazonDdati personaliHHackerPphishingPPrivacySSignalWWhatsAppCanaliMalware e attacchi hackerNews analysisMalware e attacchi hackerRAPPORTO POLIZIA POSTALE

Cyber Crime, cyber attacks and online scams with Covid-19 themed scams: how to mitigate risks

12 Gen 2021di Salvatore LombardoCondividi il postCondividi Malware e attacchi hackerl'analisi

Lazio and Ransomware Region, happy bitter end: too many mistakes made

08 Ago 2021di Matteo Navacci