
Just last February, a sophisticated nationwide scam involving Amazon packages reached Bergen County, prompting an urgent warning from law enforcement. The scam involved unexpected packages arriving at homeowners’ doors containing a QR code that, if scanned, could trigger a malware attack, allowing cybercriminals to access users’ passwords, private photos, and financial apps. More recently, New Jersey officials issued a warning to Amazon Prime users about a phishing scam that uses fake membership renewal emails to steal passwords and financial information.
What the Message Looks Like
The scam message claims that the recipient’s payment method failed and that their Amazon Prime membership is about to expire. It then asks them to update their default payment or choose a new one for their membership. Typically, the message also sets a short deadline for renewal. Clicking the link takes them to a fake login page built to steal their password, credit card number, and personal information. Although the email’s display name appears as “Prime Notification,” the actual address used does not belong to Amazon. It is easy to assume the message is legitimate, as it appears to be typical Amazon correspondence and bears Amazon’s logo.
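The warning signs described above can be checked mechanically. The following is an added example, not code from the original article or from NJCCIC: it flags a brand-themed display name on a non-Amazon sender address, failed-payment or expiry wording, and links that leave the trusted domain. The trusted-domain list, the wording patterns, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the only domain treated as Amazon's own; extend for your environment.
TRUSTED_DOMAINS = {"amazon.com"}
BRAND = re.compile(r"\b(amazon|prime)\b", re.I)
LURE = re.compile(r"payment (method )?(failed|declined)|membership .{0,40}expire"
                  r"|update .{0,30}payment", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_trusted(host):
    """True for a trusted domain or one of its subdomains (not look-alikes)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def assess(raw_message):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    # Plain-text parts only; transfer-encoded or HTML bodies need decoding first.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    findings = []
    # Brand name in the display name, but the real address is on another domain.
    if BRAND.search(display) and not is_trusted(addr.rpartition("@")[2]):
        findings.append("brand-display-name-mismatch")
    # Failed-payment or expiring-membership wording.
    if LURE.search(text):
        findings.append("payment-or-expiry-lure")
    # Brand-themed message whose links lead somewhere other than the brand's domain.
    if BRAND.search(text) and any(not is_trusted(urlparse(u).hostname)
                                  for u in URL.findall(body)):
        findings.append("untrusted-link")
    return findings

# Constructed samples (not real messages); .example is a reserved test domain.
PHISH = ('From: "Prime Notification" <billing@prime-renewal.example>\n'
         "Subject: Your Prime membership is about to expire\n\n"
         "Your payment method failed. Update your default payment within 24 hours:\n"
         "https://prime-renewal.example/login\n")
LEGIT = ('From: "Amazon.com" <no-reply@amazon.com>\n'
         "Subject: Your order has shipped\n\n"
         "Track your package at https://www.amazon.com/orders\n")

if __name__ == "__main__":
    print(assess(PHISH))
    print(assess(LEGIT))
```

The suffix comparison in `is_trusted` is what keeps a look-alike host such as `amazon.com.prime-renewal.example` from passing as trusted.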
The Potential Impact on Businesses
The scam targets not only individual users but also businesses that rely on Amazon’s Prime service. While business email compromise isn’t new, the way cybercriminals carry out attacks today is significantly more sophisticated than it was just a few years ago. Business phishing attacks occur in stages, impacting cloud authentication protocols, software-as-a-service trust relationships, and native workspace features, often without triggering traditional security alerts. Attacks now involve approximately five stages. First, attackers obtain initial access to a system via phishing emails or other means. Next, they mine users’ email, content, contacts, and workflows. They then enter stealth mode, hiding alerts, suppressing replies, and even manipulating users’ inboxes. The fourth stage involves specific actions such as fraud, lateral software-as-a-service compromise, and phishing expansion. The final stage is persistence, which allows attackers to continue accessing their victims’ systems even after the original phishing email is discovered.
Strategies to Block Attacks
The New Jersey Cybersecurity & Communications Integration Cell recommends specific strategies for dealing with this scam. The first is to exercise caution with communications from known senders or legitimate platforms. The second is to confirm any out-of-the-blue requests with verified, official sources before clicking on any links or opening attachments. Users should navigate directly to legitimate websites and check pertinent information. For instance, checking your Amazon account will reveal the date your Prime subscription actually expires, which will typically be different from the date alleged by attackers. If users have entered sensitive information, they should change passwords for compromised accounts, monitor their accounts online for suspicious activity, and follow the pertinent recommendations in the Identity Theft and Compromised PII NJCCIC Informational Report. Those who provided credit card information to scammers should contact their banks to report any fraudulent transactions. Finally, they should report illicit cyber activity to the NJCCIC and the FBI’s IC3.
Harnessing the Power of Multi-Factor Authentication
Multi-factor authentication (MFA) is a powerful tool against this type of scam, as it requires users to provide at least two forms of verification before granting access to an account. For instance, when users make an Amazon purchase, a code is sent to their phones to authenticate the transaction. For businesses, MFA can be a vital protection against data breaches, fraud, and unauthorized access to cloud data. Security specialists recommend that businesses enable MFA on all their key accounts, including email platforms, financial services, customer relationship management systems, and cloud applications. Additional steps include using hardware security keys or app-based authenticators, which are more secure than text-message verification codes.
New Jersey residents and businesses are being warned about a scam centered on the supposed renewal of Amazon Prime subscriptions. The scam involves an email that asks users to provide credit card details, supposedly because their existing subscription has expired. Users are advised to check with Amazon before clicking any links or downloading any files. They are also advised to rely on strategies such as multi-factor authentication (MFA), which requires users to verify their identity twice before accessing sites or apps.

