Amazon ‘Work at Home’ Scam Promises Big Payouts
Hackers are spoofing the popular shopping site to steal personal data.
A ‘work at home’ scam circulating over the past several months promises significant earning potential with only a few hours of work each day. Hackers used phone calls and SMS messages to contact potential victims telling them Amazon was hiring remote work-from-home employees and directing them to apply on fake websites.
dfndr lab, the research team behind the dfndr security app, discovered over 1M detections in the first month of Q3 (July-Sept) for this bogus employment opportunity.
The scam is designed to prey on people looking to make easy money working from home using a well-known and trusted brand name and promised the opportunity to earn up to $500 daily working part-time. Scammers directed applicants to one of several fake sites that either used variations of the Amazon name such as amazonhiring.org or amazoncareers.co. Some sites were more generic such as stockretail.org, suggesting the opportunity was through a third-party recruiter.
The goal of the scam was to trick applicants into giving out sensitive information such as social security numbers and banking information. The hackers used to two methods to collect this information. The first was to try to trick those that applied into voluntarily entering personal information into online applications. The second tactic used SMS links containing phishing malware designed to gain access to passwords and other information.
You can always use dfndr security’s anti-hacking feature to check any suspicious links. Anti-hacking proactively alerts you to malware-infected links even before you click them. Additionally, dfndr lab offers a free link checker. Visit: https://www.psafe.com/dfndr-lab/
Our security team at dfndr lab compled tips to keep you safe and aware:
1. Watch out for red flags. Look to see if the website appears to be official. Amazon.com has an employment section on its official site so you should be suspicious of alternate web addresses.
2. Beware of alterations or misspellings of the brand name. A web address containing extra words such as “jobs,” “careers,” “opportunities,” or other similar phrases is an indicator of possible fraudulent promises. Also, be skeptical of sites ending in .co, .org, .biz, or other non-.com suffixes.
3. Be suspicious of any offer that sounds too good to be true. Amazon recently announced it was going to raise it’s starting pay to $15.00. The promise of making hundreds of dollars in a single day for a short amount of time doesn’t sound realistic. If in doubt, you can contact the company at an officially listed phone number or email address for verification.
To find out the other top scams dfndr lab discovered in Q3, download the Q3 Cybersecurity Report: