Be careful what you click: There’s a new phishing scam hitting Amazon listings that look like legitimate deals, offering great prices on “used – like new” electronics.
If you click these links on Amazon, you’ll be redirected to a very convincing Amazon-looking payment site, where the phishy merchant will grab your money and run.
In the case of this scam, the phishy merchant—known as Sc-Elegance—has been a thorn in Amazon’s side for quite a while. According to Comparitech security researcher (and Naked Security Alumnus) Lee Munson, Sc-Elegance has been reported to Amazon several times, only to slink away and hide until popping back up again later.
How the phish works
After adding the super-discounted electronics to your cart, if you try to check out with your items, you’ll be told that the item — suddenly! — is no longer available.
The merchant will then contact you by email, claiming that it was all some kind of mistake and that the item is still available conveniently at a rather Amazon-esque link in their email. But that link, as you might suspect, is a fake, created to look like a legitimate Amazon payment site.
Fake payment sites, including those created by Sc-Elegance, can be quite sophisticated and could fool an unsuspecting buyer easily:
That said, there are a few giveaways that a savvy buyer can identify.
Most importantly: These sites exist outside of the official Amazon.com domain or app—a huge red flag. Additionally, in the case of the example above, the crooks have added some tell-tale typos (“add or confirme”), though not every phishing scammer will be so sloppy.
How to protect yourself
Over the years we’ve seen phishing scams imitating every retailer and organization imaginable, from iTunes to Bitcoin. The phishing campaigns keep coming because spotting fake sites and emails is difficult if you aren’t on your guard.
If you’re using Amazon keep these tips in mind:
- Trust your gut and be on guard: If that deal is too good to be true, it likely is
- Don’t pay for anything on Amazon outside of Amazon.com or the official Amazon app
- If you’re in doubt about a deal by an “affiliated retailer” ask Amazon’s official customer service
For more on how to avoid phishing attacks read Don’t fall for phishing and spear-phishing.
Louis Leahy
Our system is designed to put a stop to these credentials phishing scams, We have a patented process to provide a unique set of keys for each user to select their credentials that prevents them from being fooled by such attacks – Live Long & Prosper.
Louis Leahy
The thing is security is not a popularity contest. It is ridiculous that you would allow your forum to be rude to contributors by rating them for their ideas in such a crude manner all you serve to do is discourage contributions and embolden trolls so eventually you don’t have a forum. Good luck with that!
anon
A couple years ago I purchased RAM chips from a third party via Amazon. The goods were not delivered in a timely manner and my inquiry regarding the two weeks wait yielded a shipping code. On follow-up the shipping code had not been consumated with the shipper by delivery of the goods (i,e., the vendor did not transfer the goods to the shipper, they only obtained the tracking number to string me along and avoid Amazon’s wrath).
The next business day validated status of the promised shipping date was not still not available. Again I inquired via the Amazon process and that’s when I got an email from the vendor attempting to get my payment information for reimbursement. RED FLAG. They had an Amazon order, shipping code, and shipping address. I wanted the goods or Amazon resolution and elevated this via Amazon directly. The goods were delivered within a week after that with no more questions asked.
That’s why I rarely use third parties on Amazon and I never use anyone else’s payment system. Amazon is good for it but you need to tie your cart to them and keep it there.
Maria Varmazis
Good thinking and great advice.