Security researchers find Amazon ‘phishing scam kit’ as Prime Day approaches

amazon logo header

Just as Amazon Prime Day is approaching, researchers have found a “phishing scam kit” that could allow hackers to send emails to customers impersonating the tech giant.

Researchers at McAfee spotted the phishing kit and say that it has all of the tools that a hacker would need to start a phishing campaign to target Amazon customers, as reported by Wired.

The researchers found that the kit is called 16Shop, and was previously used to target Apple customers last year in November. In both cases, the kit would allow any to create an email that looks like it came from the company.

It would have a PDF attached that would have malicious content disguised as an actual website. In this case, it would look like the Amazon login page.

Those who would click on the link and enter their information would have given access to their Amazon account. Just like in the previous case with Apple, this would give up home addresses, credit card information, and even customers’ social security numbers.

Wired outlines that all of this is standard for a phishing campaign, but that this one is significant because of its timing near Prime Day.

However, the scam does not seem to be too clever, as users just have to ensure that the email is actually from who it says it is. You also shouldn’t open attached files from senders you don’t trust. It’s also important to check the URL before you enter any information.

Source: Wired