Fraud - Amazon redirect at checkout?

jimvicks

Prominent
Mar 26, 2017
5
0
510
Hello,

Recently in the last few weeks when using Amazon.co.uk, I’ve seen different behaviour than normal as follows:

I shop around the site and add items to my basket. I click on the basket when done to view. All good.

I then click on the link to ‘proceed to checkout’ and the normal ‘sign in’ page pops up. Its looks normal, the simple layout and only really two boxes (email address and password). The URL looks right as well (https://www.amazon.co.uk/ap/signin?) . However, when I then click on the ‘sign in’ button, a windows pop up appears that states: Internet Redirection – You are about to be redirected to a new internet site. Any information you exchange with the current site could be transmitted to the new internet site, Do you want to continue?

The pop up looks like a genuine windows system notification / warning.

I of course click no, at which point I’m back to the basket screen. If I repeat I get the same result.

The only work around is if I go in via order history or something like that, then it all works as expected, and as I have authenticated, it avoids the ‘sign in’ screen.

I have not seen any strange behaviour on any other site, banking or commerce. I use the internet a lot. Turning off machine, clearly cache etc, re-booting router, makes no difference.

I doubt very much that Amazon is re-directing me at the Sign-In page, but at a lost to what is causing it. Because the url is right, and only happens on this page on Amazon’s site, it makes me think the issue is there. Has anyone else seen this or have any ideas?
 
Solution


Again free things just haven't shown the ability to ever get 100% ... so adding more free things still leaves a lot untested. The free trials are short term free usage, but not free, they will detect things that the others do not detect.

And by all means, do not depend on anything Microsoft

https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2016/microsoft-windows-defender-4.10-164047/

The softonic stuff means you downloaded free software from softonic at some point

Again, it could be legit, Amazon, newegg and others are moving steadily towards being a portal ... and with the...

jimvicks

Prominent
Mar 26, 2017
5
0
510


Hi - I've tried that, and called them twice, and get nowhere. I googled around and saw someone had posted a similar question on here before, except it was a redirect at the start. Appeared their router had been hijacked and the responses on here were helpful in figuring that out and what was causing it. Hence my reason for posting here again, in case there is some simple stuff I can try on my own kit (desktop and router) to see if its at my end?

 
Amazon, newegg and others are serving as portals for many sellers. In the past your money went to Amazon => Portal Site ... I wonder if they are trying to save costs by letting the portal site handle the transaction. Amazon has quite a history of handling fake merchandise, perhaps this relieves them of any liabilities associated therewith.

OTOH, a malware that coops your attempted purchase and redirects it somewhere else is certainly feasible, especially if relying on Windows built in protections or free substitutes.

 
if you think your router was taken over, reset to factory setting and reconfigure it for internet , that would take care of that issue if it was even an issue to start with in the first place, (unless your router is like 5-10 years old) you should be fine as long as you have changed the admin password from the default password.

as for amazon redirect , possible, then again , I would not know I don't buy from amazon ever
 

jimvicks

Prominent
Mar 26, 2017
5
0
510


umm, my shopping basket included third party merchants, so I guess its possible.

OTOH, thinking about it, the issue started happening just after I moved to a new PC build at home. Its a clean build, but first time I have used win 10. I am just using the built in protection, kind of figured that as the use was pretty mainstream (website like amazon, bbc, and banks) and doing MS office stuff, was probably ok with this level of protection?

Would malware be able to just insert itself like this though? I would have expected to have seen a strange URL or link somewhere during the process?


 
I am never surprised as to the breadth and depth of malware attacks... last AV test, Kaspersky was the ony one to get a perfect score and scor 5 ratings acrss the board for protection, performance and usability

https://www.av-test.org/en/antivirus/home-windows/windows-8/december-2016/kaspersky-lab-internet-security-2017-164857/

download their 30 day free trial and give it a go.
http://usa.kaspersky.com/downloads/free-home-trials/total-security

 

jimvicks

Prominent
Mar 26, 2017
5
0
510


Yep, downloading and trying a few things now, this, adwcleaner , and Malwarebytes, plus full scan from good old windows defender
 

jimvicks

Prominent
Mar 26, 2017
5
0
510
So, ran Kaspersky, adwcleaner , Malwarebytes, and windows defender, all on full deep scan of all drives. With the exception of adwcleaner finding some files linked to 'softonic.com' in the IE registry, there was nothing else at all. I'm guessing the Softonic stuff is there by default, as not installed any tools bars or alike.

Any further thoughts?

Nothing found, yet the redirect feels wrong. I did reboot my router as well, and it had a password chance when I first got it. I changed that again to be safe.

Amazon yet to reply to me either . .
 


Again free things just haven't shown the ability to ever get 100% ... so adding more free things still leaves a lot untested. The free trials are short term free usage, but not free, they will detect things that the others do not detect.

And by all means, do not depend on anything Microsoft

https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2016/microsoft-windows-defender-4.10-164047/

The softonic stuff means you downloaded free software from softonic at some point

Again, it could be legit, Amazon, newegg and others are moving steadily towards being a portal ... and with the amount of fake stuff (knock offs) that amazon sells, the lawyers probably suggested going this route to avoid liability. Only way to know if it's amazon sanctioned is to call them.

 
Solution