To put consumers off the scent that anything is wrong, after the user downloads the prompted file, they are even redirected to Amazon’s legitimate webpage, thus gaining more credibility and making it appear that the email is real.
Speaking about the attack the team at Cybereason said: “Both cybercriminals and nation-state threat actors alike find and exploit trending circumstances in order to leverage a given situation to infect unsuspecting victims, such as the holiday season, the ongoing COVID-19 pandemic, or both of them combined.
“Similar themes leveraging gift card giveaways and other offerings are not new in the cybercrime landscape, and will most likely to continue to be applied in the future. It is up to the user to be aware of such campaigns and to apply the relevant counter measures.”
This latest attack isn’t anything new with gift cards already a well-known form of targeting consumers.