Sophisticated Phishing attempt or Coincidence?
August 24, 2022 6:38 AM Subscribe
I got an email that looked like it was from Amazon, saying that a pair of wireless earbuds had been dispatched to me. Cost of the item $99.99. Then it said that if I "hadn't authorized the transaction", I should click on a link. Like a fool, I clicked on it because I had recently ordered some things from Amazon, and, this is the weird thing, I had browsed some wireless earbuds.
Happily Chrome caught the phishing attempt. So, it's weird the phisher could access my Amazon browsing history right? What's going on? Do I have some kind of malicious tracker on on my PC? Or is it just coincidence?
I'm with EmpressCallipygos: Coincidence. Wireless earbuds are a hot ticket.
posted by nkknkk at 7:09 AM on August 24, 2022
posted by nkknkk at 7:09 AM on August 24, 2022
Do you have a facebook account? Do you stay logged-in on that browser with, well, almost anyone? Google, maybe?
This is likely neither a malicious tracker on your pc, nor a coincidence. It's probably mostly driven by the cookies that allow you to stay signed in, plus data-sharing between people with whom you've never directly interacted (and likely people you've never heard of).
Some data collector(s) has/have acquired and then sold data about your ID (including email address, which is rarely considered "personally identifying information", legally, if that is even proscribed in your jurisdiction). Someone else has aggregated data around this.
It might even not be your data, particularly. If you've spoken with friends about earbuds, for example, and they've done searches, that search-term could be imputed to you.
An example scenario (based on when my Sister started getting twitter-ads for a thing that I had bought on Amazon, shortly after we met one day and I mentioned the thing I had bought):
1) I buy a thing on Amazon. (I am sorry everyone, I still feel dirty)
2) I meet my Sister for a beer.
3) Some aggregator already knows: I am associated with my Sister. I bought the Thing.
4) GPS data, which might be logged by any number of apps on each of our phones shows that we were in the same place at the same time.
5) The combination of these things suggest that maybe my Sister is also worth targeting for marketing for the Thing.
Data collectors sell this sort of info to aggregators, aggregators sell to whoever wants to buy it. They don't ask "will you be using this for targeted twitter ads, or legitimate research, or demographic stuff, or phishing?", they ask "has the cheque cleared?"
So, it's weird the phisher could access my Amazon browsing history right?
They don't need to access your Amazon history specifically, just like they don't need to install software on your PC to get these inferences (though if you have a favoured method for malware scanning, it can't hurt to run a scan).
posted by pompomtom at 7:11 AM on August 24, 2022 [6 favorites]
This is likely neither a malicious tracker on your pc, nor a coincidence. It's probably mostly driven by the cookies that allow you to stay signed in, plus data-sharing between people with whom you've never directly interacted (and likely people you've never heard of).
Some data collector(s) has/have acquired and then sold data about your ID (including email address, which is rarely considered "personally identifying information", legally, if that is even proscribed in your jurisdiction). Someone else has aggregated data around this.
It might even not be your data, particularly. If you've spoken with friends about earbuds, for example, and they've done searches, that search-term could be imputed to you.
An example scenario (based on when my Sister started getting twitter-ads for a thing that I had bought on Amazon, shortly after we met one day and I mentioned the thing I had bought):
1) I buy a thing on Amazon. (I am sorry everyone, I still feel dirty)
2) I meet my Sister for a beer.
3) Some aggregator already knows: I am associated with my Sister. I bought the Thing.
4) GPS data, which might be logged by any number of apps on each of our phones shows that we were in the same place at the same time.
5) The combination of these things suggest that maybe my Sister is also worth targeting for marketing for the Thing.
Data collectors sell this sort of info to aggregators, aggregators sell to whoever wants to buy it. They don't ask "will you be using this for targeted twitter ads, or legitimate research, or demographic stuff, or phishing?", they ask "has the cheque cleared?"
So, it's weird the phisher could access my Amazon browsing history right?
They don't need to access your Amazon history specifically, just like they don't need to install software on your PC to get these inferences (though if you have a favoured method for malware scanning, it can't hurt to run a scan).
posted by pompomtom at 7:11 AM on August 24, 2022 [6 favorites]
I would check my browser for any extensions, like for getting coupons. These have been a vector on Chrome in the past for this sort of spearfishing (where they utilize info specific to you) ad attack.
I have also switched to exclusively using Firefox for any shopping and browsing borg social media sites like Facebook. I use Firefox containers and it makes a big difference in terms of targeted ads.
posted by zenon at 8:08 AM on August 24, 2022 [1 favorite]
I have also switched to exclusively using Firefox for any shopping and browsing borg social media sites like Facebook. I use Firefox containers and it makes a big difference in terms of targeted ads.
posted by zenon at 8:08 AM on August 24, 2022 [1 favorite]
Unless you went directly to Amazon and never visited or searched for any other site concerning earbuds I wouldn’t assume that Amazon is how you came to the attention of the phishers. Data about what you’ve been looking for is a commodity that is collected and sold as a matter of course these days — in fact one of the reasons you are now constantly given the option to disapprove cookies on websites is the European Union legal backlash to the practice.
Once the phishers know what you’re looking for, faking mail from Amazon is the obvious choice both in terms of the likelihood that you shopped there and the value of getting that particular password from you.
posted by Tell Me No Lies at 9:00 AM on August 24, 2022
Once the phishers know what you’re looking for, faking mail from Amazon is the obvious choice both in terms of the likelihood that you shopped there and the value of getting that particular password from you.
posted by Tell Me No Lies at 9:00 AM on August 24, 2022
I would be very dubious that someone doing Amazon phishing is going to be getting very specific information on people's browsing habits to target them. That doesn't even make sense in this case because the desire was to trigger a panic response in the victim because it's something they hadn't ordered.
posted by Candleman at 12:21 PM on August 24, 2022
posted by Candleman at 12:21 PM on August 24, 2022
While pompomtom is right about how "legitimate" companies put together data about you, that 100% does not apply to this situation. Rogues running phishing campaigns are trying to make money, not spend it, and there's a not insignificant amount of money involved in doing the type of thing they were talking about.
It is 100% absolutely a coincidence. As long as you didn't put your login details in somewhere (you said Chrome caught it first), you're fine. Just be more careful in the future about what you click on.
posted by tubedogg at 3:31 PM on August 24, 2022 [2 favorites]
It is 100% absolutely a coincidence. As long as you didn't put your login details in somewhere (you said Chrome caught it first), you're fine. Just be more careful in the future about what you click on.
posted by tubedogg at 3:31 PM on August 24, 2022 [2 favorites]
Rogues running phishing campaigns are trying to make money, not spend it, and there's a not insignificant amount of money involved in doing the type of thing they were talking about.
The days of phishing being restricted to a few teenagers running scripts in a cybercafe are long behind us. Phishing is a big business and like all businesses they spend money to make money.
posted by Tell Me No Lies at 5:10 PM on August 24, 2022
The days of phishing being restricted to a few teenagers running scripts in a cybercafe are long behind us. Phishing is a big business and like all businesses they spend money to make money.
posted by Tell Me No Lies at 5:10 PM on August 24, 2022
Probably coincidence. However, there is a case where Amazon does share details about what you purchase with third parties — if you click a Amazon affiliate link and buy something within 24 hours (I think, I forget the details), the person who owns the affiliate link will be informed what items you bought. I don't think there's a easy way for them to link that to your email address, but there are difficult ways to do that.
Most likely wireless earbuds are just a common big-ticket item that make sense as something a hacker would buy and resell, though, and there's nothing personalized about it.
posted by wesleyac at 8:11 AM on August 25, 2022
Most likely wireless earbuds are just a common big-ticket item that make sense as something a hacker would buy and resell, though, and there's nothing personalized about it.
posted by wesleyac at 8:11 AM on August 25, 2022
« Older Excuse me, [term of respect], you dropped your... | No show socks, grips, stay on your feet , Newer »
This thread is closed to new comments.
Still wouldn't hurt to do some kind of virus and tracker scan just for safety's sake.
posted by EmpressCallipygos at 6:48 AM on August 24, 2022 [11 favorites]