Weaponized Amazon Gift Cards Used to Steal Microsoft Credentials

Cybercriminals are exploiting the trust in e-gift cards and the prestige of Amazon to steal Microsoft credentials from unsuspecting employees.

The attack begins with an email, disguised as a “Reward Gateway” message from a victim’s employer, promising a $200 Amazon eGift card as a reward for outstanding performance.

The Phishing Email

The email arrives without any apparent flaws that might raise immediate suspicion.

It features a significant monetary value and a URL purportedly leading to an Amazon gift card redemption page.

The email’s content is crafted to evoke trust and appreciation from the employer, leading the recipient to engage with the provided link in anticipation of receiving their reward.

Once the victim clicks on the link, they are redirected to what appears to be an Amazon gift card redemption site.

However, this website is hosted on a newly created domain, “activationshub[.]com,” with no legitimate connection to Amazon, signaling the first red flag.

The site mimics the real Amazon redemption process, convincing users to enter their email addresses to “unlock” their gift card.

Upon entering their email, victims are then redirected to a nearly indistinguishable replica of the Microsoft login page.

Hosted on “officefilecenter[.]com,” another recent domain, this page captures Microsoft credentials under the pretense of signing into an Outlook account.

Technical Insights

The phishing infrastructure leverages several technical components:

• Hosting on Suspicious Domains: Both fraudulent domains were newly registered, which is often a hallmark of malicious activities.
• Email Spoofing: The attackers spoofed the email to make it appear as if it came from a trusted source within the victim’s organization.
• URL Manipulation: The URLs used in the emails lead to pages designed to deceive by closely replicating trusted brand interfaces.

According to the Report, this campaign underscores the evolving sophistication of phishing attacks, where attackers exploit human emotions and brand trust to bypass security protocols.

Companies are urged to:

• Regularly update their phishing awareness training to include such real-world examples.
• Implement multi-factor authentication (MFA) to add an extra layer of security.
• Use advanced email filtering systems to detect and quarantine phishing emails before they reach the inbox.

Organizations and individuals alike must stay vigilant, especially when presented with unsolicited rewards or gifts.

Always verify the authenticity of such communications through direct channels with the sender before engaging with any links or entering personal information.

Indicators of Compromise

URL	Associated IP
hXXps://egift[.]activationshub[.]com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL/	104.26.11.204
hXXps://sso[.]officefilecenter[.]com/signin?sso_reload=true#	104.26.1.222

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!