Amazon gift cards may not be the gifts they seem for some consumers. Threat actors are sending fake cards to deliver the Dridex banking trojan, the Cybereason Nocturnus team revealed last week.
The emails appear to be legitimate: they use icons and naming conventions to lure recipients into downloading malicious attachments, according to a blog post on the scam.
The vast majority of victims are from the U.S. and Western European countries, where Amazon is popular and has local websites, it says.
In technical terms, the criminals use three methods to infect the systems of the unsuspecting:
- Word document that contains a malicious macro
- Self-extracting SCR file, a known technique used by Dridex
- VBScript file attached to the email, another known technique used by Dridex
One email uses the subject line, “Amazon.com sent you an Amazon Gift Card!”
The email states: “We are delighted to enclose $100 Amazon gift card as our way of saying Thank You.”
In addition, the email contains a purported order number.
Victims who fall for this are subjected to banking data exfiltration once they take in the Dridex payload, the report says.
“Consumers have long been a favored target for cybercriminals, and the sharply increased volume of online shopping spurred by the COVID-19 pandemic has made consumer-focused attacks potentially even more attractive,” the post observes.