Amazon users were put on alert Friday about an online scam targeting customers ahead of the company’s annual Prime Day next week.
Cybersecurity firm McAfee released details about a so-called phishing kit, discovered recently, that specifically targets Amazon customers.
McAfee said the kits, known as “16Shop,” can be used to send emails that resemble legitimate messages from Amazon but are designed to steal data.
Emails crafted and sent using the kit typically contain an attached PDF file, McAfee’s Oliver Devane and Rafael Pena explained in a blog post. Those files usually contain a link that, when clicked, loads a fake Amazon login page where visitors are asked to input their account information, including in some cases their credit card details, the researchers wrote. That data is then sent directly back to whoever deployed the kit.
“We recommend that if users want to check any account changes on Amazon, which they received via email or other sources, that they go to Amazon.com directly and navigate from there rather than following suspicious links,” they wrote.
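For mail administrators, the delivery chain described above (email, PDF attachment, link to a look-alike login page) can be checked before a message reaches an inbox. The following is an added example, not code from McAfee or from this article: it pulls link targets out of PDF attachments and flags any whose host is not the trusted domain. The function names, the one-entry trusted list, the sample message and the `.example` hosts are all constructed assumptions, and only uncompressed PDF objects are inspected.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

TRUSTED = ("amazon.com",)  # assumption: the only login domain accepted here
# Link target of a PDF annotation: /URI (...). Only uncompressed objects are seen.
URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)

def is_trusted(url):
    """True only when the URL's host is a trusted domain or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as untrusted
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def pdf_links(pdf_bytes):
    """Return the link targets stored in /URI actions, with PDF escapes undone."""
    return [re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")
            for raw in URI_RE.findall(pdf_bytes)]

def suspicious_links(raw_email):
    """List (filename, url) for links in PDF attachments that leave TRUSTED."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"%PDF-"):  # go by content, not the declared type
            continue
        findings += [(part.get_filename(), u) for u in pdf_links(data)
                     if not is_trusted(u)]
    return findings

def build_sample():
    """Constructed message: a PDF with one look-alike link and one genuine link."""
    pdf = (b"%PDF-1.4\n"
           b"1 0 obj << /Subtype /Link /A << /S /URI "
           b"/URI (https://amazon.com.account-check.example/signin) >> >> endobj\n"
           b"2 0 obj << /Subtype /Link /A << /S /URI "
           b"/URI (https://www.amazon.com/) >> >> endobj\n%%EOF\n")
    msg = EmailMessage()
    msg["From"], msg["To"] = "notice@mail.example", "user@mail.example"
    msg["Subject"] = "Account update"
    msg.set_content("Please review the attached document.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf",
                       filename="notice.pdf")
    return msg.as_bytes()
```

The host comparison is done on the parsed hostname with a leading dot, so a name that merely begins with or contains "amazon.com" is still flagged.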
The phishing kit is similar to a version identified in late 2018 as being used to target Apple customers, the researchers wrote. McAfee said it discovered the new version targeting Amazon users in May 2019, and that it believes it was likely made by the same author as the original, a hacker using the alias “DevilScreaM.”
“The group responsible for 16shop kit continues to develop and evolve the kit to target a larger audience. To protect themselves, users need to be extremely vigilant when receiving unsolicited email and messages,” wrote the researchers. “This demonstrates how malicious actors use legitimate companies to leverage their attacks and gain victims’ trust and it is expected that these kinds of groups will use other companies as bait in the future.”
Prime Day, Amazon’s annual two-day sales event, is slated to run for 48 hours starting Monday. Last year’s sale was Amazon’s “biggest global shopping event ever,” the company said previously.
Amazon has cautioned customers against opening attachments or links contained in suspicious emails purporting to be from the company and offers tips online for spotting scams.
“Amazon will never send you an unsolicited email that asks you to provide sensitive personal information like your social security number, tax ID, bank account number, credit card information, ID questions like your mother’s maiden name or your password,” Amazon says on its website. “If you receive a suspicious email, report it immediately.”
• Andrew Blake can be reached at ablake@washingtontimes.com.