Amazon Prime Day is becoming one of the hottest shopping periods for the summer. However, it is also becoming one of the hottest opportunities for cybercriminals, as hackers target shoppers in a number of ways during peak shopping moments to steal personal data or financial information. In fact, researchers at McAfee Labs have uncovered a phishing kit specifically created to steal personal information from Amazon customers in America and Japan.
How exactly does this phishing kit work? The kit allows hackers to create phishing emails that look like they have come from Amazon. The emails prompt users to share their login credentials on a malicious website. Once the victim hands over their login, the hackers can use the victim’s account to make fraudulent purchases and steal their credit card information saved in their Prime account.
According to McAfee Labs researchers, this phishing scam has already seen widespread use, with over 200 malicious URLs being used to prey on innocent online shoppers. Additionally, the phishing kit is being sold through an active Facebook group with over 300 members and 200 posts in recent weeks. McAfee has notified Facebook of the existence of this group. The social network has taken an active posture in recent months of taking down groups transacting in such malicious content.
So, what does this threat mean for Amazon users? If you’re planning on participating in Prime Day, follow these security steps to help you swerve malicious cyberattacks:
- Beware of bogus deals. If you see an ad for Prime Day that looks too good to be true, chances are that the ad isn’t legitimate.
- Think before you click. Be skeptical of ads shared on social media sites, emails, and messages sent to you through platforms like Facebook, Twitter, and WhatsApp. If you receive a suspicious message regarding Prime Day, it’s best to avoid interacting with the message.
- Do your due diligence with discount codes. If a discount code lands in your inbox, you’re best off verifying it through Amazon.com directly rather than clicking on any links.
If you do suspect that your Amazon Prime account has been compromised due to a cyberthreat, take the following steps:
- Change your password. Change the passwords to any accounts you suspect may have been impacted. Make sure they are strong and unique.
- Keep an eye on your bank account. One of the simplest ways to determine whether someone is fraudulently using your credit card information is to monitor your bank statements. If you see any charges that you did not make, report it to the authorities immediately.
- Consider using identity theft protection.A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.
And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.