Beware of Amazon Phishing Scams Targeting Free Subscribers with Personal IBAN Leaks

Recently, Numerama reported that Free subscribers were targeted by an Amazon scam involving their personal IBANs. Cybercriminals are sending convincing phishing emails that appear legitimate, even including real personal details like names and IBANs.

Key Indicators of the Scam:

  1. Suspicious Sender Address – The email comes from [email protected], not an official Amazon domain.
  2. Fake Unsubscribe Links – Hover over links to reveal their true destination (not Amazon).
  3. Personal Data Exposure – Even if some details are correct, never trust unsolicited requests.
  4. Bank Monitoring – Regularly check bank statements if your IBAN was leaked.

You Should Know: How to Detect and Prevent Phishing Attacks

1. Verify Email Headers (Linux/Mac)

Use `grep` to pull the sender and authentication headers out of a saved message:

grep -iE "^(from|return-path|received-spf|dkim-signature):" email_file.eml

Or use `mutt` for a detailed view:

mutt -f email_file.eml

2. Check Link Authenticity

On Linux, use `curl` to inspect URLs before clicking:

curl -I "<suspicious_link>"

On Windows (PowerShell), check redirects:

Invoke-WebRequest -Uri "<suspicious_link>" -Method Head
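
As an added example (not code from the original post or from Numerama), the Python code below automates the checks from steps 1 and 2 on a saved message: sender domain, SPF/DKIM verdicts, and the real targets of links. The sample mail, its `.example` domains, the `triage` and `in_domain` names and the `brand_domains` list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not the real campaign mail; every domain is a placeholder.
SAMPLE_EML = """\
From: "Amazon" <billing@amazon-support.example>
To: subscriber@example.org
Subject: Payment problem on your account
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body><p>Please confirm your IBAN.</p>
<a href="https://www.amazon.fr/gp/help">Help</a>
<a href="https://amazon.fr.account-check.example/login">Sign in</a>
<a href="http://unsubscribe.tracker.example/u?id=1">Unsubscribe</a>
</body></html>
"""

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, brand_domains=("amazon.fr", "amazon.com")):
    """Return a list of findings for a message claiming to come from the brand."""
    msg = message_from_string(raw)
    findings = []
    # 1. Sender address: is the From domain one of the brand's own?
    from_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not any(in_domain(from_host, d) for d in brand_domains):
        findings.append(f"from-domain:{from_host}")
    # 2. SPF/DKIM verdicts recorded by the receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            findings.append(f"{mech}:{m.group(1) if m else 'missing'}")
    # 3. Link targets: the href, not the visible text, decides the destination.
    for part in msg.walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        if data is None or part.get_content_type() != "text/html":
            continue
        for url in re.findall(r'href=["\']([^"\']+)', data.decode("utf-8", "replace"), re.I):
            u = urlparse(url)
            if u.scheme in ("http", "https") and not any(in_domain(u.hostname, d) for d in brand_domains):
                findings.append(f"off-brand-link:{u.hostname}")
    return findings
```

Only trust an `Authentication-Results` header that your own receiving mail server added; one that was already present when the message arrived can be forged by the sender.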

3. Report Phishing (Gmail/Outlook)

  • Gmail: Click Report Phishing (three dots → “Report phishing”).
  • Outlook: Use Junk → Phishing.

4. Secure Your Bank Account

  • Linux/Mac: Use `gpg` to encrypt sensitive emails:
    gpg --encrypt --recipient "[email protected]" bank_details.txt 
    
  • Windows: Enable BitLocker for disk encryption:
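    # Enable-BitLocker requires a key protector; -TpmProtector assumes the machine has a TPM
    Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -TpmProtector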
    

5. Monitor Network Traffic for Suspicious Activity

Use `tcpdump` (Linux) to check outgoing connections:

sudo tcpdump -i eth0 -n "port 443 or port 80" 

Or on Windows (`Wireshark` or `netstat`):

netstat -ano | findstr ESTABLISHED 

What Undercode Say

Phishing remains one of the most effective cyber threats due to social engineering. Always:

  • Inspect email headers (Received-SPF, DKIM).
  • Use multi-factor authentication (MFA) for banking.
  • Encrypt sensitive files (openssl, GPG).
  • Train employees with tools like `GoPhish` for mock phishing tests.

Expected Output: A well-secured system with verified email sources, encrypted financial data, and continuous network monitoring to prevent unauthorized access.

References:

Reported By: Piveteau Pierre – Hackers Feeds