As sure as Amazon customers will be looking to bag a bargain this Prime Day, so cybercriminals will be looking to exploit “sales fever” in order to steal from the unwary shopper. Now it has been confirmed that one notorious tool, which makes such online theft as simple as possible, has been updated just in time to take advantage of Amazon Prime Day.
Amazon Prime Day 2018 saw an estimated $4.19 billion in sales, up from $2.41 billion in 2017. There is no reason not to expect a similar increase in sales for the 48 hours of Prime Day 2019, which begins July 15, given the marketing frenzy that has been happening for weeks now.
However, Amazon customers shouldn’t overlook fundamental cybersecurity concerns while participating in the rush to bag a bargain this year. Indeed, they should be more on guard than ever. Not least as one notorious phishing kit, which enables cybercriminals to fool customers into handing over account credentials and other valuable information, has been updated to include Amazon.
According to a warning from McAfee Labs, published July 12, the 16Shop phishing kit that has already been used to target Apple account holders was updated in May 2019 to be able to target Amazon account holders as well. “Around the same time that we discovered the Amazon Phishing Kit,” the McAfee report stated, “the social media profile picture of the actors we believe are behind 16shop changed to a modified Amazon logo.” During the time that McAfee security researchers have been monitoring 16Shop, they have “observed over 200 Malicious URLs serving this phishing kit which highlights its widespread use.”
“With Prime Day approaching cybercriminals will take advantage of the fact you will be receiving, and expecting, more emails than usual from Amazon,” Lisa Forte, partner at Red Goat Cyber Security and social engineering expert, says. She points out that it’s easy for these malicious emails to hide amongst the legitimate ones during big days such as Black Friday or Prime Day, which always yield a spike in both genuine and malicious emails.
There haven’t been any phishing emails spotted as of yet, presumably as the cybercriminals are keeping their powder dry until Prime Day begins. However, one can be reasonably confident that these emails will follow the same general pattern as was seen in previous campaigns targeting Apple account holders. Amazon customers will probably get an email informing them of a Prime Day bargain they cannot afford to miss, or maybe of a security problem with their account, and encouraging them to sign in to their account. Predictably, the link or attachment provided will take them to a cloned Amazon account login page where any credentials entered will be diverted to the scammer instead.
“Don’t go through to Amazon from any email,” Forte advises, “log in as you usually would any other time of the year, by navigating to the Amazon site yourself. All the real offers will be published there…”