A new phishing campaign has been identified that exploits the allure of Amazon gift cards to steal Microsoft account credentials. Threat actors send emails promising a gift card, tricking users into clicking malicious links leading to credential-harvesting sites. This campaign specifically targets Microsoft users, attempting to bypass traditional security controls with social engineering techniques.
Severity Level: High
VULNERABILITY OVERVIEW:
- Campaign Summary:
A credential phishing attack disguised as an Amazon e-gift card reward from an employer. Victims are lured by the promise of a $200 reward and directed through a sequence of deceptive websites.
- Attack Chain:
Initial Email: Spoofed to appear from “Reward Gateway,” offering a $200 Amazon eGift Card.
First Redirection:
• Link to egift.activationshub[.]com, a newly registered domain with no legitimate ties to Amazon.
• Victims are asked to input their email address to claim the reward.
Second Redirection:
• Victims are redirected to sso.officefilecenter[.]com, a fake Microsoft login page.
• Credentials are harvested upon input.
- Campaign Scale: Focused; targeted individuals via employer-themed incentives.
- Tactics Used:
• Social engineering (reward-based deception).
• Domain impersonation.
• Credential harvesting through phishing sites mimicking Microsoft services.
Recommendations:
- Ensure your domain has SPF, DKIM, and DMARC properly configured to help block spoofed emails pretending to be from internal company addresses.
- Conduct regular training on recognizing common phishing tactics, such as urgent gift offers, suspicious domains, and login page discrepancies.
- Block access to newly registered domains and suspicious websites at the DNS and web proxy levels.
- Enable anti-phishing and anti-malware protections in corporate browsers. Promote the use of password managers that autofill only on legitimate login pages.
- Enforce MFA for all Microsoft accounts (Office 365, Outlook, etc.).
- Establish a clear policy where legitimate corporate rewards are communicated through authenticated internal channels, not via external emails.
- Closely monitor login attempts from unusual IP addresses or geographies.
- Block the IOCs at their respective controls. https://www.virustotal.com/gui/collection/ca3aaea59301d0a9b8e1f7c0e44f7dec4fba77d83a6b94b6b0a5dc2d2952ee38/iocs
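The following is an added triage example, not code from the advisory or from Cofense. It ties the attack chain above to the recommendations: it parses a constructed sample email (the sender name, Authentication-Results header and URLs are invented for the example, using reserved .example/.test names), reports SPF/DKIM/DMARC results that are not "pass", re-fangs the two domains named as IoCs on this page, and flags any link whose host is one of those IoCs or is a login-themed host outside a small, assumed allowlist of Microsoft sign-in hostnames. The allowlist and the heuristic are assumptions for illustration; tune them for your tenant.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Domains named as IoCs in the advisory, written de-fanged exactly as on the page.
ADVISORY_IOC_DOMAINS = {"egift.activationshub[.]com", "sso.officefilecenter[.]com"}

# Assumption: illustrative allowlist of hosts that legitimately serve a Microsoft
# sign-in form. Extend for federated/IdP hosts used by your organisation.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (not a real capture); headers and URLs are invented.
SAMPLE_EMAIL = """\
From: "Reward Gateway" <rewards@rewardgateway.example>
To: employee@corp.example
Subject: Your $200 Amazon eGift Card is waiting
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=rewardgateway.example; dkim=none; dmarc=fail action=quarantine header.from=rewardgateway.example
Content-Type: text/plain; charset="utf-8"

Congratulations! Your employer has issued you a $200 Amazon eGift Card.
Claim it here: https://egift.activationshub.com/claim?id=EMP-4471
Questions? Visit https://www.amazon.com/gc
"""


def refang(indicator: str) -> str:
    """Turn the de-fanged 'example[.]com' / 'hxxp' form into a real hostname or URL."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


def auth_failures(msg) -> list[str]:
    """Return each of spf/dkim/dmarc whose Authentication-Results value is not 'pass'."""
    header = str(msg.get("Authentication-Results", "") or "")
    failures = []
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", header, re.IGNORECASE)
        if m and m.group(1).lower() != "pass":
            failures.append(f"{mech}={m.group(1).lower()}")
    return failures


def suspicious_urls(body: str) -> list[tuple[str, str]]:
    """Flag URLs whose host is a known IoC, or a login-themed host not on the allowlist."""
    iocs = {refang(d) for d in ADVISORY_IOC_DOMAINS}
    findings = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in iocs:
            findings.append((url, "known IoC domain"))
        elif host.startswith(("sso.", "login.")) and host not in MICROSOFT_LOGIN_HOSTS:
            findings.append((url, "login-themed host outside Microsoft allowlist"))
    return findings


def triage(raw_message: str) -> dict:
    """Parse one raw RFC 5322 message and collect authentication and URL findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    return {
        "from": str(msg.get("From", "")),
        "auth_failures": auth_failures(msg),
        "urls": suspicious_urls(body),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EMAIL)
    print("From:", result["from"])
    print("Authentication results not 'pass':", result["auth_failures"])
    for url, reason in result["urls"]:
        print(f"FLAG {url} -> {reason}")
```

Run against a mailbox export, the same functions give a first pass at the "spoofed internal sender" and "link to a fake login page" signals this campaign relies on; a DMARC policy of p=reject at the impersonated domain is what stops the spoofed message before it reaches the user at all.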
Source:
- https://cofense.com/blog/amazon-gift-card-email-hooks-microsoft-credentials