Watch out for Prime Day phishing SCAMS: McAfee researchers warn of impending cyber attacks ahead of popular online shopping day
- Researchers warn that phishers will be targeting people on Amazon Prime Day
- Shoppers should beware of emails sent from Amazon that may contain scams
- A tool kit allows hackers to dupe people into divulging passwords and more
- To avoid scams, people should scrutinize emails and avoid suspicious links
- A group on Facebook selling phishing tools has yet to be removed
Discounted TVs aren’t the only danger to your wallet during Amazon’s impending Prime Day sale.
According to security researchers at McAfee, phishers are preparing an array of Prime Day-related scams meant to trick people into giving up their sensitive information.
Using an ‘Amazon Phishing Kit’ researchers say hackers can ship out malicious emails that appear to be sent from Amazon, containing links that direct victims to a fake Amazon login page.
Phishing scams are homing in on Amazon customers ahead of the company’s two-day sale, Prime Day on July 15 and 16.
HOW TO STAY SAFE
To avoid being scammed, you can take a few precautions:
- Look carefully at emails sent by Amazon and be sure the sending address is actually from the company
- Avoid following embedded links in emails that require you enter your login information
- Always closely check the URL of sites you are redirected to, if you do click
- Go directly to the company’s page by entering the URL yourself, instead of just following links
Once there, unwitting users are able to input their credentials which are then promptly sent to a hackers inbox on encrypted messaging app Telegram.
As reported by Wired, consumer events like Prime Day represent a particularly juicy opportunity for scamsters looking to dupe victims into forking over their personal info.
‘Cybercriminals take advantage of popular, highly visible events when consumers are expecting an increased frequency of emails, when their malicious emails can hide more easily in the clutter,’ Crane Hassold, threat intelligence manager at the digital fraud defense firm Agari told Wired.
‘Consumers are also more conditioned to receiving marketing or advertisement emails during certain times of the year—Black Friday, Christmas, Memorial Day—and cybercriminals format their attack lures accordingly to increase the chances of success.’
Using a the kit called 16Shop, scammers are able to create an email that appears as though it’s coming from a legitimate company.
If the victims interacts with links attached to a PDF in the email, phishers can quickly abscond with loads of personal information.
At risk for victims is credit card information, birthdays, addresses, and even social security numbers.
The kit was originally designed to target Apple users, but according to researchers, Prime Day appears to be phishers’ current target.
At risk is customers’ credit card information, birthdays, home addresses, and even their social security numbers. File photo
To avoid being scammed, researchers recommend scrutinizing emails sent by Amazon with extra rigor and refraining from following links to enter login information sent through email.
Simply judging an email by whether the address it’s sent from is no longer sufficient say security analysts, since even emails can be faked.
Instead, it’s best to go directly to a company’s page by entering a URL into your address bar and then proceed from there.
Wired reports the researchers at McAfee reported that a group on Facebook was reportedly selling its kit and offering phishers support on their quest to bilk people out of their personal information but Facebook has yet to remove the group from its platform.
Amazon Prime takes will take place on July 15 and 16.