For many, Amazon Prime Day is an opportunity to score some great deals. For hackers, Amazon’s annual discount shopping campaign is an opportunity to target unsuspecting shoppers with phishing scams. In fact, researchers at McAfee Labs previously uncovered a phishing kit specifically created to steal personal information from Amazon customers in America and Japan just in time for last year’s Amazon Prime Day.
Let’s dive into the details of how this phishing kit worked and what you can do to protect yourself while hunting for those Prime Day bargains.
Phishing Kit Allowed Hackers to Target Amazon Users
You’ve probably received an email that looked a bit phishy—perhaps the logo was just slightly off–centered, or something about it didn’t feel quite right. That is how the phishing kit worked: hackers created fake emails that looked like they originated from Amazon (but didn’t). Once opened, the email prompted the unsuspecting recipient to provide their login credentials on a malicious website. Once logged in, hackers had access to the victim’s entire account, enabling them to make purchases or even worse, steal the victim’s credit card information.
When this threat first emerged, the McAfee Labs researchers reported widespread use of the phishing kit – with over 200 malicious URLs deployed on innocent online shoppers. The phishing kit was then sold through an active Facebook group with over 300 members looking for a way to access unsuspecting shoppers’ Prime accounts. McAfee notified Facebook of this group’s activity when it surfaced, and the social network took an active role in removing groups and accounts that violate their policies.
Protect Your Prime Day Shopping with These Tips
Users hoping to score some online shopping deals this week should familiarize themselves with common phishing tactics to help protect their personal and financial information. If you’re planning on participating in Prime Day, follow these security steps to help you swerve malicious cyberattacks and shop with peace of mind:
Beware of bogus deals
If you see an ad for Prime Day that looks too good to be true, chances are that the ad isn’t legitimate. Play it safe and don’t click on the ad.
Think before you click
Be skeptical of ads shared on social media sites, emails, and messages sent to you through platforms like Facebook, Twitter, and WhatsApp. If you receive a suspicious message regarding Prime Day, it’s best to avoid interacting with the message altogether.
Do your due diligence with discount codes
If a discount code lands in your inbox, you’re best off verifying it through Amazon.com directly rather than clicking on any links.
If you do suspect that your Amazon Prime account has been compromised due to a cyberthreat, take the following steps:
Change your password
Change the passwords to any accounts you suspect may have been impacted. Make sure your new credentials are strong and unique from your other logins. For tips on how to create a more secure password, read our blog on common password habits and how to safeguard your accounts.
Keep an eye on your bank account
One of the most effective ways to determine whether someone is fraudulently using your credit card information is to monitor your bank statements. If you see any charges that you did not make, report it to the authorities immediately.
Consider using identity theft protection
A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.