Home Malware Programs Adware "Congratulations Dear Amazon Customer" Scam

"Congratulations Dear Amazon Customer" Scam

Posted: December 29, 2019

The "Congratulations Dear Amazon Customer" scam is a social engineering attack that tricks Web surfers into providing personal information, such as credit card credentials. The "Congratulations Dear Amazon Customer" scam circulates on third-party websites that impersonate Amazon.com through shared graphical UI elements. Users should avoid contact with sites distributing this attack, use anti-malware tools for blocking the "Congratulations Dear Amazon Customer" scam, and contact their bank or credit card company afterward, if applicable.

Your Browser Congratulates You on Being Bamboozled

As companies like Microsoft, Google, Apple, and Amazon dominate the tactic landscape con artists tailor their tricks and confidence games to look the part. The "Congratulations Dear Amazon Customer" scam is one of the latest website tactics that's using faked Amazon authenticity – in its case, through mimicking that famous storefront's website appearance. The purpose is, however, just gaining the victim's information without returning anything in exchange.

The "Congratulations Dear Amazon Customer" scam operates similarly to the SOP of the 'Congratulations! You won!' Pop-Up, the 'Win an iPhone!' Pop-Up Ads, or the Survey Prize Center website. It informs the Web surfers, regardless of whether or not they're an Amazon shopper, that their IP addresses at random are getting a prize: namely, an iPhone. The high value of the reward should tip off most users, since similar prize 'contests' tend to limit the pot to more practical benefits, such as a few dollars.

After gaining confidence through the opening gambit, the "Congratulations Dear Amazon Customer" scam proceeds with a 'questionnaire' that harvests information from the user. After collecting all data, such as addresses, phone numbers, passwords, or credit card numbers, it offers a false choice of various prizes. Attentive Web surfers can, however, see some minor signs of the "Congratulations Dear Amazon Customer" scam not being an Amazon-endorsed service, such as the tag line regarding trademarks.

Congratulating Yourself on a Danger Dodged

While many website-circulating tactics are opportunities for drive-by-downloads and the installation of threatening software, malware experts don't see any such abuses in the "Congratulations Dear Amazon Customer" scam. However, the use of fake prizes for collecting information does expose the victims to other issues, ranging from misleading phone calls (such as the 'Google Voice Verification Code' tactic) to billing problems. Accordingly, any contact with sites promoting the "Congratulations Dear Amazon Customer" scam always should be minimal.

Web browsers that don't run scripts like JavaScript automatically are at less risk from the "Congratulations Dear Amazon Customer" scam and may not load it by default. Users also can keep track of the addresses associated with similar pop-ups and identify attempted tactics claiming that they're from sites that they aren't. Blocking advertisements also can lower one's exposure to these social engineering attacks.

The "Congratulations Dear Amazon Customer" scam isn't, traditionally speaking, a harmful program or similar threat. However, because of the close overlap with unsafe content, some anti-malware products may block a "Congratulations Dear Amazon Customer" scam or prevent related, corrupted scripts from launching.

The "Congratulations Dear Amazon Customer" scam has nothing to do with Amazon except for being a predator of that storefront's customers. No matter where you make your purchases, due diligence on anything that claims that it's 'free' is a good habit for safe shopping.