Big sales days are the perfect opportunity for malicious actors to jump into the frenzy of emails and emotions to try and compromise your information. Learn more about this new phishing kit and how you can identify the signs of a phishing attack.
Today is the beginning of Amazon’s Prime Day sale — one of the biggest shopping events of the year. Last year, businesses on Amazon cleared more than $1 billion in sales, selling to tens of millions of consumers.
It’s a massive online event, which means scammers and malicious hackers are on the prowl to get between you, your personal information, and your money.
Cybersecurity firm McAfee reported on a phishing kit they’ve been observing since November 2018 called “16Shop” which was being used to target Apple account holders in Japan and the United States and steal their login and credit card information.
A phishing kit is a collection of tools, processes and exploits that a hacker puts together to make it easier for others to launch phishing attacks. If you’re interested in the history and technical breakdown of this kit, I highly recommend reading McAfee’s detailed report on it.
McAfee recently saw a modified version aimed at Amazon account holders, and it works in a similar way, asking you to submit your Amazon login credentials to a fake web page meant to steal your information.
Why do these attacks work so well?
These types of phishing attacks happen year-round, but they’re especially effective during sales events like this, for a few reasons.
During events like Prime Day, Black Friday, or Boxing Day, you’re seeing a flurry of emails from businesses and marketplaces notifying you of deals. With this much volume in your inbox, it’s easier for a phishing email to get grouped in with the rest of your legitimate emails. When you’re seeing an hourly Amazon email during Prime Day, another one asking for you to log in doesn’t feel out of place.
Sales events also create an atmosphere of urgency — some of these deals only last for a few hours. A sense of urgency can compromise your decision-making, and malicious hackers and scammers know this all too well. They’ll push on the pain of you losing access to your account during a time-sensitive event, hoping you’ll react quickly without paying attention to the email or web page you’re visiting.
What can happen if you fall for these scams?
Like most phishing attacks targeting consumers, falling for these attacks means giving up personal and credit card information.
At the very least, you can lose access to your Amazon account, which means a malicious actor can use your account to rack up charges. And with a service like Amazon that has so many connected services (like Prime Video, Prime Music, Twitch, etc.) you also risk losing access to all of those.
If you re-use your passwords and information across multiple services (which is highly discouraged), you could also lose access to those as well. You could even lose access to your email account, which is usually the best (or only) way to easily recover your accounts when you lose them.
And of course, some of these accounts could hold your Social Insurance Number or other critical personal information that a malicious actor could use to commit identity fraud.
How can you protect yourself today?
The easiest thing to do is to never click on links in emails. When a service provider like Amazon emails you, especially with account or security related information, it’s best to read the email and then go to that service directly through your web browser. If the security message is real, it will always be available to you on the service itself.
If you do have to click on a link in an email, hover over the link to make sure it looks legitimate. Look for spelling errors, numbers replacing letters (1 instead of i), and characters, hyphens and periods that seem excessive or out-of-place.
You can see easily some of these red flags in the fake links McAfee found when researching the Amazon kit:
- verification-amazonaccess.jaremaubalenxzbhcvhsd.business/
- verification-amazon.3utilities.com/
- verification-amaz0n.com/
- verification-amazon.servicesinit-id.com/
And finally, when you’re on a web page, double check the URL to make sure it’s real and what you’d expect. Again, look for the differences you’d look for when inspecting a link in an email.
You should also be using unique passwords and security questions for all of your accounts, keeping them safe with a password manager, and using multiple-factor authentication whenever you can. These will all protect you in the event of one of your accounts getting compromised.
Recognize that email phishing attacks happen year-round, but happen more frequently during big events like Prime Day. Follow these tips, watch for the red flags of an attack, and stay safe.
Rob brings over 20 years of experience in the technology industry writing, presenting and blogging on subjects as varied as software development tools, silicon reverse engineering, cyber-security and the DNS. An avid product marketer who takes the time to speak to IT professionals with the information and details they need for their jobs.
