‘Think before you click': Phishing scam targets Amazon customers ahead of Prime Day

Online shoppers won’t be the only ones celebrating the latest deals available on Prime Day, Amazon’s biggest online shopping event. Millions of Amazon Prime users provide their credit card information online, and cyber-criminals are taking advantage of the July 15 sale to steal sensitive consumer information.

RELATED‘No membership required': Target launches ‘Deal Days' to compete with Amazon Prime Day

Researchers at the computer security company McAfee shared details on the company’s online blog about a new version of a phishing kit they have been observing since 2018, originally created to target Apple customers.

The company said this phishing kit is an updated version of one dubbed 16Shop that they had been tracking since early November 2018, and says it has been targeting Apple account holders in the United States and Japan.

Now, this new version has been updated to target Amazon customers just in time for the biggest shopping day next to Black Friday and Cyber Monday.

The phishing kit makes it easy for any self-described hacker to construct an email that looks uncomfortably similar to an email alert you would get from Apple, Amazon, or any other tech company.

“Prime Day is becoming one of hottest shopping periods for the summer - however it is also becoming one of the hottest opportunities for cybercriminals as well,” said Gary Davis, McAfee Chief Consumer Security Evangelist.

In a phishing attack, people generally will get an email that links to a website designed to look like a log in page, which then asks for sensitive information like your home address, credit card information and Social Security number.

“We recommend that if users want to check any account changes on Amazon, which they received via email or other sources, that they go to Amazon.com directly and navigate from there rather than following suspicious links,” warned McAfee.

According to McAfee security experts, the author of the kit goes by the alias DevilScreaM and is involved in the Indonesian hacking group “Indonesian Cyber Army.”

The company says the group responsible for the phishing kit continues to develop and evolve their kit in order to target a larger audience.

The company suggests users be extremely vigilant when receiving unsolicited email and messages.

“Consumers should carefully review any ad for Amazon Prime Day that looks too good to be true - think before you click on ads shared on social media sites, emails and messages you receive through platforms such as Facebook, Twitter, and Whatsapp,” said Davis.

Amazon provides tips on how to identify whether or not an email, phone call, or web page is actually from Amazon on its website.

The company says that they will never send any unsolicited email that asks any of its customers to provide sensitive personal information.

Amazon suggests you report suspicious phishing emails immediately if you receive one.