A sophisticated Amazon phishing kit originating from Bandung, Indonesia, and linked to the “Indonesian Cyber Army” targets customers with fake Prime subscription or security alerts. The attack harvests credentials and financial information by directing users to a high-fidelity replica of the login page. To protect against such scams, consumers should verify alerts directly through the Amazon app or website.
Threat Intel: This deceptive layout was detected, analyzed, and contained firsthand by the Antiphishing.biz security team during our standard URL vetting operations. To protect the public, the phishing source domain has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users spot lookalike phishing methods before financial damage occurs.
To avoid phishing scams targeting Amazon accounts, always manually enter “amazon.com” in the browser and verify that communications appear in the official “Message Center” within the user’s account dashboard. Crucial defenses include enabling two-step verification, checking the sender’s actual email address for a “@amazon.com” domain, and using a password manager to detect fake, lookalike URLs.