Amazon’s annual Prime Day sale has turned into one of the biggest shopping days of the year. According to the company, it saw more than 100 million items fly off its virtual shelves, racking up more than $1 billion in sales. This year, the company expects that more than one million items will be marked down on July 15 and 16, ready for bargain shoppers to buy. But if you’re shopping for deals during this year’s Prime Day, be careful. While you’re looking for deals, malicious actors will be looking to separate you from your money with scams.
Cybersecurity firm McAfee reported that a popular phishing kit, called 16Shop, has recently turned its attention to Amazon. While the kit has been designed to scam Apple customers, a modified version is now targeting Amazon shoppers just in time for one of the biggest shopping days of the year. 16Shop enables malicious actors to send out emails disguised to look like they come straight from Amazon itself. The emails have PDFs attached that contain links that direct victims to a website that looks essentially identical to the Amazon login page. Of course, it’s not really an Amazon site. Instead, it’s a site designed to harvest information from unsuspecting victims who find themselves on the page.
If you fall victim to this scam, the effects can be pretty devastating. If you enter your login information and password, it is relayed to the malicious actor behind the scheme via Telegram message. Once they are in possession of those login credentials, they can access a considerable amount of your private information. Your Amazon account likely contains your full name, home address, birthday, credit card information and, in some cases, even your Social Security number. That’s all the information an attacker would need to commit a considerable amount of identity fraud or rack up charges on your card without your permission. If you use the same login information for other accounts, the attacker could also gain access to those, and any personal information that may be stored by or linked to those accounts.
According to McAfee, the Amazon-focused 16Shop phishing kit has already been deployed more than 200 times, and that figure will likely only increase as Prime Day starts. McAfee found evidence that the people behind the kit have been promoting it on social media, which may result in more widespread attacks as the kit is made more accessible. This likely won’t be the only attack, either. Attackers will also attempt to trick victims into clicking on malicious links with emails promising gift cards or pretending to need confirmation on an order.
While these attacks are something to watch out for during Prime Day—and, frankly, year-round—remaining vigilant and being cautious can help you avoid falling victim to these phishing schemes. One of the easiest methods to avoid scammers is to simply never click on a link in an email. If you receive a message that purports to be from Amazon—or any other company or service for that matter—simply visit the site manually. If the alert is real, it will be available to you when you log in.