Skip to main content

A new phishing scam targets Amazon users just in time for Prime Day

A fake Amazon login page targeting users

Security researchers at McAfee say that hackers have released a do-it-yourself kit that allows people to easily put together phishing scams targeting Amazon users – just in time for Prime Day next week.

McAfee first noticed the so-called 16Shop phishing kit in action in November, when it was being used to create fake emails, supposedly from Apple, trying to gain access to people’s Apple accounts. The scam let hackers create a realistic-looking Apple sign-in page to steal your login credentials.

Starting in May, 16Shop expanded to target Amazon users, McAfee wrote on Friday, July 12. The new version allows would-be hackers to create their own realistic-looking Amazon login page that would give them your username and password — pretty much everything they would need to log into your account. Here’s what it looks like:A fake Amazon login page could target Prime Day customers

Hackers have already begun to embrace the new version of 16Shop: McAfee said it had seen more than 200 pages that utilized the phishing kit to create phony login screens.

“The group responsible for 16shop kit continues to develop and evolve the kit to target a larger audience,” wrote Oliver Devane, a senior security researcher at McAfee. “To protect themselves, users need to be extremely vigilant when receiving unsolicited email and messages.”

The scam largely targets users by email, telling them that their account has been compromised and directing them to open a PDF with a link to the fake Amazon-branded login screen. Amazon’s Prime Day sale, which runs Monday and Tuesday, July 15-16, could be a prime time for these scams. Even though the kit is a few months old, it’s not hard to imagine an email with an unrealistically discounted deals tricking discount-hungry Prime Day users into clicking on a phishing link.

A phishing email designed to look like it came from Apple.
A phishing email designed to look like it came from Apple.

“This demonstrates how malicious actors use legitimate companies to leverage their attacks and gain victims’ trust and it is expected that these kinds of groups will use other companies as bait in the future,” Devane wrote.

We reached out to Amazon to see how they’re responding to the scam, but a spokesperson declined to comment. Here are a few different ways to protect yourself:

  • Don’t open suspicious emails: If you think an email is a scam, don’t even risk opening it.
  • Check who sent it: Any legitimate Amazon emails will come from the domain. If you click on the email of the sender, you’ll often be able to see exactly where it came from. Amazon has more info for users on how to determine if an email is from them.
  • Check the URL: If an email asks you to click a link, hover over it to see if it’s taking you to a legitimate web page or somewhere else.
  • Don’t download attachments: If you suspect an attachment is a scam — or even if it’s from someone you know but weren’t expecting it — just don’t download it.
  • Turn on two-factor authentication: This adds more security to your account by requiring you to enter a unique security code before you log in. The code can be texted to your phone, or you can use an authenticator app.
  • Use a password manager app: Even if your Amazon information is compromised, a password manager will make sure you’re not using the same login credentials for other sites.

Remember, if it seems too good to be true, it probably is. Stay safe as your shop for deals — legitimate ones — this Prime Day.

Editors' Recommendations