Tech Security Alert: A new multistage phishing campaign spoofs Amazon's order notification page


Office of the CIO



CofC faculty, staff, and students


Applies To:





From: Office of the CIO
Sent: Friday, November 5, 2021 11:34 AM
To: Administrative Information; Students: FALL: Enrolled: All
Subject: Tech Security Alert - Phishing/Fraud/Theft

From Jamey Rudisell, CofC Chief Information Security Officer

A new multistage phishing campaign spoofs Amazon's order notification page and includes a phony customer service voice number where the attackers request the victim's credit card details to correct the errant "order."

The attack works like this: "The victim receives an email showing their supposed Amazon order that totals more than $300. The victim, realizing they didn't place the order, clicks on a link in the email, which takes them to the actual Amazon website. A customer service number in the phishing email, which has an area code from South Carolina, doesn't answer when they try to call. After a few hours, the attackers call back – from India – and the phony customer service rep tells the victim they need to give their credit card and CVV number in order to cancel the invoice."


  • InfoSec encourages end users to look at the sender address of the email. In the Amazon case, the sender’s address was a Gmail account, not from Amazon.
  • InfoSec encourages end users to check their Amazon accounts. If they truly made the order, then it should appear on the “Returns & Orders” section of their account.
  • Do not call unfamiliar numbers. As with other online scams, check your account on the site of the caller (Amazon in this case) before making any calls.



Article ID: 139301
Tue 11/9/21 1:59 PM
Tue 11/9/21 2:02 PM
