"Action required!" the subject of an email screamed. "Please update before 24 hours or your Amazon Prime account will be permanently locked!"
Funny thing is, I don't even have an Amazon Prime account.
The email, insinuating that Amazon is greatly affected by the coronavirus outbreak, went on to say that the big-box retailer is drowning in a sea of new user accounts. If I wanted to keep my account, I'd have to "re-register" my credit card number into the system.
- MacBook, iPad among billions of devices hit by Kr00k Wi-Fi security flaw
- Microsoft says 99.9% of accounts get hacked for this reason: How to protect yourself
- 'Millions' of Windows, Linux system open to attack due to risky firmware
The phishing email had all the tell-tale signs of fraudulence: horrendous grammar and spelling, an unofficial email domain and a suspicious-looking attachment. But what was different about this particular email was that the scammer was seeking to capitalize on COVID-19 concerns.
You may wonder, "Who would fall for those emails, anyway?" You'd be surprised. A study that simulated phishing emails discovered that one third of its research participants between the ages of 18 to 37 fell hook, line and sinker for a fraudulent email.
With a new layer of fear and calamity hovering over the masses due to the novel coronavirus pandemic, there's a good chance that more email users are in a vulnerable state and, therefore, more susceptible to phishing emails than usual.
I'm not the only one who has noticed the new wave of scammers capitalizing on COVID-19. According to The Guardian, the FBI and the FTC have noticed a surge in fraudsters taking advantage of the coronavirus mayhem.
"The rise in scams has come in the form of email phishing campaigns, fraudulent goods, and disinformation campaigns," The Guardian wrote, citing cybersecurity company Digital Shadows.
Scammers have been pretending to be legitimate organizations such as World Health Organization and the Centers for Disease Control. According to a PSA published by the FTC, swindlers have tried to bait users by claiming they have a vaccine for COVID-19 -- the FTC stressed that there are currently no approved vaccines, pills, lozenges or other remedies to treat or cure the novel coronavirus.
On Monday, cybersecurity firm ESET also noticed a sudden spike in coronavirus-related phishing emails: a whopping 2,500 infections in a span of seven hours. The numbers, according to Forbes, are typically in the tens.
“This is the biggest coronavirus or COVID-19-themed malware campaign we have registered so far," ESET cybersecurity researcher Jiri Kropac told Forbes. "Cybercriminals often jump on the hot media topic, which coronavirus really is. They’re using it for their profit.”
Kropac revealed that the surge of infections consisted of two strains of malware that only targeted Microsoft Windows devices.
My so-called "Amazon" email had a PDF attached to it; the email requested that I download it to follow "directions" to keep my Prime account. Clicking on this file would have inevitably led me down to a dark path of malware hell.
We reached out to Amazon for comment about the phishing email.
"Thank you for bringing this matter to our attention," an Amazon spokesperson told Laptop Mag. The spokesperson urged users to verify claims from a suspicious-looking email by directly logging into one's Amazon account.
"We would ask any customer who believes that they have received a false or phishing email to alert us via our firstname.lastname@example.org e-mail address," the spokesperson told us.