Security researchers at McAfee say that hackers have released a do-it-yourself kit that allows people to easily put together phishing scams targeting Amazon users – just in time for Prime Day next week.
McAfee first noticed the so-called 16Shop phishing kit in action in November, when it was being used to create fake emails, supposedly from Apple, trying to gain access to people’s Apple accounts. The scam let hackers create a realistic-looking Apple sign-in page to steal your login credentials.
Starting in May, 16Shop expanded to target Amazon users, McAfee wrote on Friday, July 12. The new version allows would-be hackers to create their own realistic-looking Amazon login page that would give them your username and password — pretty much everything they would need to log into your account. Here’s what it looks like:
Hackers have already begun to embrace the new version of 16Shop: McAfee said it had seen more than 200 pages that utilized the phishing kit to create phony login screens.
“The group responsible for 16shop kit continues to develop and evolve the kit to target a larger audience,” wrote Oliver Devane, a senior security researcher at McAfee. “To protect themselves, users need to be extremely vigilant when receiving unsolicited email and messages.”
The scam largely targets users by email, telling them that their account has been compromised and directing them to open a PDF with a link to the fake Amazon-branded login screen. Amazon’s Prime Day sale, which runs Monday and Tuesday, July 15-16, could be a prime time for these scams. Even though the kit is a few months old, it’s not hard to imagine an email with an unrealistically discounted deals tricking discount-hungry Prime Day users into clicking on a phishing link.
“This demonstrates how malicious actors use legitimate companies to leverage their attacks and gain victims’ trust and it is expected that these kinds of groups will use other companies as bait in the future,” Devane wrote.
We reached out to Amazon to see how they’re responding to the scam, but a spokesperson declined to comment. Here are a few different ways to protect yourself:
Remember, if it seems too good to be true, it probably is. Stay safe as your shop for deals — legitimate ones — this Prime Day.