A new phishing scam targets Amazon users just in time for Prime Day

A fake Amazon login page targeting users

Security researchers at McAfee say that hackers have released a do-it-yourself kit that allows people to easily put together phishing scams targeting Amazon users – just in time for Prime Day next week.

McAfee first noticed the so-called 16Shop phishing kit in action in November, when it was being used to create fake emails, supposedly from Apple, trying to gain access to people’s Apple accounts. The scam let hackers create a realistic-looking Apple sign-in page to steal your login credentials.

Starting in May, 16Shop expanded to target Amazon users, McAfee wrote on Friday, July 12. The new version allows would-be hackers to create their own realistic-looking Amazon login page that would give them your username and password — pretty much everything they would need to log into your account. Here’s what it looks like:A fake Amazon login page could target Prime Day customers

Hackers have already begun to embrace the new version of 16Shop: McAfee said it had seen more than 200 pages that utilized the phishing kit to create phony login screens.

“The group responsible for 16shop kit continues to develop and evolve the kit to target a larger audience,” wrote Oliver Devane, a senior security researcher at McAfee. “To protect themselves, users need to be extremely vigilant when receiving unsolicited email and messages.”

The scam largely targets users by email, telling them that their account has been compromised and directing them to open a PDF with a link to the fake Amazon-branded login screen. Amazon’s Prime Day sale, which runs Monday and Tuesday, July 15-16, could be a prime time for these scams. Even though the kit is a few months old, it’s not hard to imagine an email with an unrealistically discounted deals tricking discount-hungry Prime Day users into clicking on a phishing link.

A phishing email designed to look like it came from Apple.
A phishing email designed to look like it came from Apple.

“This demonstrates how malicious actors use legitimate companies to leverage their attacks and gain victims’ trust and it is expected that these kinds of groups will use other companies as bait in the future,” Devane wrote.

We reached out to Amazon to see how they’re responding to the scam, but a spokesperson declined to comment. Here are a few different ways to protect yourself:

  • Don’t open suspicious emails: If you think an email is a scam, don’t even risk opening it.
  • Check who sent it: Any legitimate Amazon emails will come from the Amazon.com domain. If you click on the email of the sender, you’ll often be able to see exactly where it came from. Amazon has more info for users on how to determine if an email is from them.
  • Check the URL: If an email asks you to click a link, hover over it to see if it’s taking you to a legitimate Amazon.com web page or somewhere else.
  • Don’t download attachments: If you suspect an attachment is a scam — or even if it’s from someone you know but weren’t expecting it — just don’t download it.
  • Turn on two-factor authentication: This adds more security to your account by requiring you to enter a unique security code before you log in. The code can be texted to your phone, or you can use an authenticator app.
  • Use a password manager app: Even if your Amazon information is compromised, a password manager will make sure you’re not using the same login credentials for other sites.

Remember, if it seems too good to be true, it probably is. Stay safe as your shop for deals — legitimate ones — this Prime Day.

Deals

Best Labor Day sales: Amazon, Walmart, and Home Depot drop early deals

Labor Day 2019 lands on Monday, September 2 this year. We've gathered all of the information you need to prepare yourself for the many sales to come, from REI to Walmart and everything in between.
Social Media

How to control the private data that apps and websites share with Facebook

Facebook finally introduced a tool that allows you to control and limit the data that third-party apps and websites share with the social media giant, a feature that should help improve Facebook's much-criticized stance on privacy.
Computing

1.5% of Chrome users’ passwords are known to be compromised, according to Google

In February, a new feature was introduced to the Google Chrome browser which checks whether users' passwords are secure. Now, Google has released eye-opening stats gathered from Password Checkup.
Mobile

How to root Android phones and tablets (and unroot them)

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.
News

Facebook is hiring actual human journalists to fight fake news

Facebook is looking to hire journalists whose job will be to fight fake news. The social media giant said it plans to hire a team of journalists that will curate a dedicated news section known as the News Tab within the mobile app.
Gaming

Some future Sony exclusives could be released on PC as well

SIE Worldwide Studios chairman Shawn Layden said Sony could open up some of its future exclusive games to PC players, specifically those with an online multiplayer bent. Don't count on the next God of War to come to PC, though.
Movies & TV

The next James Bond movie has a title, and it’s disappointingly traditional

Daniel Craig will face off against Oscar-winning Bohemian Rhapsody star Rami Malek and team up with a new, female 007 in the 25th installment of the James Bond franchise, scheduled to hit theaters April 8, 2020.
Emerging Tech

India’s lunar mission just got one giant leap closer to the moon

India’s uncrewed lunar mission entered into the moon’s orbit on Tuesday, bringing it within striking distance of its historic goal, according to an announcement from the Indian Space Research Organisation.
Cars

Limited-edition Hyundai i30 N Project C will be Korea’s hottest hatch

Hyundai will unveil a limited-edition version of its i30 N hot hatchback at the 2019 Frankfurt Motor Show in September. The car, called Project C, will feature carbon fiber-reinforced plastic parts to reduce weight.
Emerging Tech

Move over Spot. There’s a new robo-dog on the block — and it’s waterproof

ANYbotics, the Swiss robotics company behind the four-legged, oil rig-inspecting ANYmal robot, has released its next-generation quadruped robot dog successor. Check it out in action.
News

Elon Musk likes Newt Gingrich’s $2 billion moon base prize

SpaceX CEO Elon Musk really likes former House Speaker Newt Gingrich's idea to award a $2 billion prize to anyone who can build and run a base on the moon. Gingrich proposed a contest to see who can establish and run the first lunar base. 
Home Theater

Apple TV+ will launch by November, cost the same as Apple Music

Apple's streaming video service Apple TV+ will reportedly cost $10 per month, putting it in line with the per-month cost of Apple's subscription-based Apple Music and Apple News+ services.
Movies & TV

It’s official: The Matrix 4 will bring back Keanu Reeves, Carrie-Anne Moss

Get ready to take the red pill once again: Original co-director Lana Wachowski will write and direct a new sequel to The Matrix, with Keanu Reeves returning as Neo and Carrie-Anne Moss coming back as Trinity.
News

Casio’s newest PRO TREK smartwatch finally adds heart rate monitoring

Casio's PRO TREK WSD-F21HR is the company's first smartwatch with a heart rate monitor. The $500 WearOS watch tracks runs, cycles, and climbs via GPS. It can also log activity, outdoor conditions, and save trails for future treks.