Security researchers at McAfee say that hackers have released a do-it-yourself kit that allows people to easily put together phishing scams targeting Amazon users – just in time for Prime Day next week.
McAfee first noticed the so-called 16Shop phishing kit in action in November, when it was being used to create fake emails, supposedly from Apple, trying to gain access to people’s Apple accounts. The scam let hackers create a realistic-looking Apple sign-in page to steal your login credentials.
Starting in May, 16Shop expanded to target Amazon users, McAfee wrote on Friday, July 12. The new version allows would-be hackers to create their own realistic-looking Amazon login page that would give them your username and password — pretty much everything they would need to log into your account. Here’s what it looks like:
Hackers have already begun to embrace the new version of 16Shop: McAfee said it had seen more than 200 pages that utilized the phishing kit to create phony login screens.
“The group responsible for 16shop kit continues to develop and evolve the kit to target a larger audience,” wrote Oliver Devane, a senior security researcher at McAfee. “To protect themselves, users need to be extremely vigilant when receiving unsolicited email and messages.”
The scam largely targets users by email, telling them that their account has been compromised and directing them to open a PDF with a link to the fake Amazon-branded login screen. Amazon’s Prime Day sale, which runs Monday and Tuesday, July 15-16, could be a prime time for these scams. Even though the kit is a few months old, it’s not hard to imagine an email with an unrealistically discounted deals tricking discount-hungry Prime Day users into clicking on a phishing link.
“This demonstrates how malicious actors use legitimate companies to leverage their attacks and gain victims’ trust and it is expected that these kinds of groups will use other companies as bait in the future,” Devane wrote.
We reached out to Amazon to see how they’re responding to the scam, but a spokesperson declined to comment. Here are a few different ways to protect yourself:
Remember, if it seems too good to be true, it probably is. Stay safe as your shop for deals — legitimate ones — this Prime Day.
Related Posts
Is there a Walmart Plus free trial? Get a month of free delivery
START YOUR FREE TRIAL
Best Buy’s Cyber Monday has insane discounts of up to 72% off
Arlo is considered one of the best home security camera makers, so this deal on three of their indoor/outdoor cams is a fantastic way to get started on your home security journey. In our mashup of the Arlo Pro 5S vs Ring Stick Up Cam — two of the most premium security cams available — the Arlo Pro 5S was considered best for those wanting the "most vivid images possible."
Spotify vs. Pandora: which streaming service should you choose?
Both services have their unique strengths and weaknesses. Spotify boasts a more extensive music catalog, robust social features for sharing and discovering music with friends, and a more polished user experience across devices.