
image credit: unsplash
Threat actors are using Amazon Web Services to create phishing pages that bypass security scanners and scam victims into handing over credentials.
The scammers send their targets what appears to be a standard password expiration email or other emails meant to create a sense of urgency. The emails come from legitimate AWS domains, but a closer look shows the inclusion of false nicknames, with the sender address and unrelated text in a foreign language, find security researchers at Check Point-run firm Avanan.