132). Amazon - HTML.Phishing.Azon-4

This email targets customers of Amazon.

Message Details

Malware Name: HTML.Phishing.Azon-4
Origin: United States
Date first seen: 15/07/2006 19:40:46
Number seen: 17
Date last seen: 18/11/2006 11:20:27
From: "Amazon.com" <update-account@amazon.com>
Subject: Revision Your Amazon.com Account Information

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could be either the fake website of the attack or a site that redirects to the attacker's fake site. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of the site: whether it is still reachable, has been shut down, or has not been confirmed as a phishing site. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attacker's site as it may contain malware.

Status  First observed       Shut Down            Internet Address      URL
        16/07/2006 01:02:07  16/07/2006 14:48:04  Romania 80.97.17.147  http://80.97.17.147/index.html

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.

Message Display
How the message body looks in an email client.

                                 Amazon.com

   Dear Customer,

   - Due to recent account takeovers and unauthorized listings, Amazon is
   requesting a new account verification procedure. From time to time, randomly
   selected accounts (seller and/or buyer)are placed under an advanced updating
   process based on merchant accounts/bank relationsand on-file credit cards.
   Amazon may also request in an email message scanned/faxed copies of one or
   more photo ID's. Your account confirmation may go wrong if your credit
   card/bank account has expired, or if you have changed/replaced your credit
   card without letting us know about the change.
     * Your account is not suspended, but if in 36 hours after you receive this
       message your account is not confirmed we reserve the right to terminate
       your Amazon subscription.
     * If you received this notice and you are not an authorized Amazon account
       holder, please be aware that it is in violation of Amazon policy to
       represent oneself as an Amazon user. Such action may also be in
       violation of local, national, and/or international law.
     * Amazon is committed to assist law enforcement with any inquires related
       to attempts to misappropriate personal information with the intent to
       commit fraud or theft.
     * Information will be provided at the request of law enforcement agencies
       to ensure that perpetrators are prosecuted to the full extent of the
       law.

   To confirm your identity with us click the link bellow: 

     [1]http://www.amazon.com/exec/obidos/sign-in.html 

   We apologize in advance for any inconvenience this may cause you and we
   would like to thank you for your cooperation as we review this matter.

   Respectfully,
   Amazon.com, Inc.

   Copyright 2006 Amazon.com, Inc. All rights reserved.

    Amazon sent this e-mail to you because your Notification Preferences
    indicate that you want to receive information about Special Events &
  Promotions. Amazon will request personal data (password, credit card/bank
    numbers) only on our home site, wich is securely incrypted with SLL.

References

   1. http://80.97.17.147/index.html
