VERY IMPORTANT

Since August 2020, Proofpoint researchers have tracked extremely high-volume Amazon Japan credential and information phishing campaigns, with suspected activity dating back to June 2020. The messages pose as Amazon Japan, suggesting that the recipient needs to review their account for "confirmation of ownership" or "updated payment information". Upon clicking a link in the message, the recipient is taken to one of several variations of Amazon-themed credential phishing landing pages that collect credentials, personally identifiable information (PII), and credit card numbers. Messages have been sent both to Japan-based organizations and those with a presence in Japan. The pages are geofenced to ensure that only Japan-based recipients are taken to the credential phishing page.