The article warns that users are being contacted through emails and/or phone calls claiming that they have opened an Amazon Prime account. The malicious actor then will inform the users that the account was opened fraudulently through a security flaw on their computer.
The malicious actor then asks the user for remote access to their computer to fix the breach. Allowing this will let the malicious actor steal personal and financial information, including passwords and even banking information.
Another version of this scam is very similar but claims there is an Amazon-Music subscription instead of an Amazon Prime subscription.
Amazon has stated that that they will never cold-call a customer, and will never ask for remote access to a computer or payment over the phone. Never give any details to an unknown caller, and if you’re not sure if the call is legitimate or not, log into your official Amazon account and contact customer support through there.
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
For more information, please check out:
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.