We don’t normally cover hacking and phishing scams on this website but this is so egregious we had to inform you about it.
As you may or may not know, Google has been selling top search results ever since it figured out there is more money to be made that way than by just listing the most popular websites. A lot more. It’s the reason the company is now valued at over $1.3 trillion.
It means that when you search for something on Google, the top results are more than likely paid ads. Advertisers bid for those positions, and while you may think you are getting legitimate results from Google, that is not always the case. As we found out yesterday, Google gave top positioning to an ad impersonating Amazon that looks just like an Amazon ad and even displays the www.amazon.com URL.
The Setup
The ad looks just like an Amazon ad, although we found it a bit strange that it uses the words “Shopping Wonderland.” [See image above.] When clicked, the user is redirected through https://chil.chillycircus.com, a URL you might not even notice during the clickthrough. The redirect is just an in-between URL, used for various reasons and typically disposable. The final destination, a website that looks just like Amazon, lives at amazon.thehappytappy.com and immediately asks you to log in. Most users may think they were simply logged out and need to log in again. Then it asks for your password. Keep in mind that the domain can look real because of the word “amazon” in the URL, but that is only a subdomain: the actual domain is thehappytappy.com, and its owner can name subdomains whatever they like. It is perfectly legal to use copyrighted names in a subdomain. The next step in the scam is asking for your payment information. [See image below.]
That’s where most folks will realize something is wrong: there is no need to provide payment information when no product has been selected. The problem is that by this point the nefarious website has already captured your email address and password. If the parties on the other end are quick enough, they could log into your Amazon account if TFA (two-factor authentication) is not enabled.
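The subdomain trick above can be checked mechanically: what matters is the registrable domain, not whether a brand name appears somewhere in the host. The following is an added example (not code from the original post) that classifies URLs this way and flags an ad whose displayed URL belongs to a brand while its landing page does not; the brand list and the tiny public-suffix table are constructed stand-ins, and real code should use the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed: brands and the registrable domains they legitimately use.
LEGIT_DOMAINS = {
    "amazon": {"amazon.com", "amazon.co.uk", "amazon.de"},
}

# Constructed stand-in for the Public Suffix List: suffixes that take two labels.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(hostname: str) -> str:
    """Return the part of the host its registrant controls (heuristic, see lead-in)."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url: str) -> dict:
    """Classify a URL as 'legit', 'lookalike' (brand name present but the
    registrable domain is someone else's) or 'unrelated'."""
    if "://" not in url:          # ad display URLs often omit the scheme
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    reg = registrable_domain(host)
    for brand, domains in LEGIT_DOMAINS.items():
        if reg in domains:
            return {"verdict": "legit", "brand": brand, "registrable": reg}
        if brand in host:          # e.g. amazon.thehappytappy.com
            return {"verdict": "lookalike", "brand": brand, "registrable": reg}
    return {"verdict": "unrelated", "brand": None, "registrable": reg}


def ad_mismatch(displayed_url: str, landing_urls: list) -> bool:
    """True when the ad shows a brand's own URL but the last hop of the
    redirect chain does not end on that brand's registrable domain."""
    shown = check_url(displayed_url)
    if shown["verdict"] != "legit" or not landing_urls:
        return False
    final = check_url(landing_urls[-1])
    return not (final["verdict"] == "legit" and final["brand"] == shown["brand"])
```

Run against the chain from this article (display URL www.amazon.com, hops chil.chillycircus.com then amazon.thehappytappy.com) it reports a mismatch, because the final registrable domain is thehappytappy.com.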
What would the hackers do? Who knows. Maybe the offenders would attempt to order some products and send them to a different address. Or, maybe they would try to capture some of your credit card information. They could also attempt to access other popular shopping websites such as Best Buy or Wayfair where you may use the same email address and password.
At the very least though, the phishers now have your email address to further spam you or to sell it to other spammers or even legit web businesses.
The placement of the paid fake ad really shows gross negligence on the part of Google to allow advertisements disguised as legitimate companies. But it’s no surprise.
What should you do?
If you’ve accidentally provided your email address and password to this nefarious entity, you should immediately change your password on Amazon. Be sure you have two-factor authentication enabled. This allows Amazon to send a text message to your phone to confirm that you are the account owner.
If you have not enabled TFA, do it right away. It is a secure way for Amazon and other websites to confirm it’s you using your own account and not some bot or hacker trying to capitalize on the fragility of the internet.
The other thing you should do is change the password on any other website where you use the same email address and password. It’s not uncommon to reuse a password across multiple websites, but in this instance you can see why that is not such a good idea.