![](\"https:\/\/media.wired.com\/photos\/5d27b9ba1da7e10008d6a991\/master\/pass\/Amazon-Phishing-153339871-157171052.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Fri, 12 Jul 2019 13:00:00 +0000<\/strong><\/p>\n Next week, Amazon <\/span>will celebrate Prime Day<\/a>, a bacchanal of modestly discounted ephemera. But amid the flurry of cheap TVs and ebooks and what else, maybe Instant Pots? Watch out for this clever phishing campaign<\/a> that might hit your inbox.<\/p>\n Researchers from security company McAfee today have shared details of a so-called phishing kit, which contains the tools an aspiring hacker would need to kick off a phishing campaign, designed to target Amazon customers. While McAfee discovered this particular kit in May, it appears to be a spinoff of one that had targeted Apple users in the US and Japan last November. The kit is called 16Shop; its author goes by the handle DevilScreaM.<\/p>\n In both the Apple and Amazon campaigns, 16Shop makes it easy for anyone to craft an email that looks like it comes from a major tech company, with a PDF attached. That PDF contains links to malicious sites that have been gussied up to look like, in this most recent case, an Amazon log-in page. Anyone who falls for it will have given up the keys to their Amazon account, and any other service for which they reuse that same password. As with the previous Apple campaign, those links direct victims to a page that requests not just their name but also their birthday, home address, credit card info, and Social Security number.<\/p>\n \u201cThe use of major brands looks to leverage the subconscious lever of authority to invoke user interaction,\u201d says McAfee chief scientist Raj Samani.<\/p>\n All of this is typical of a phishing campaign, and in fact less sophisticated than the more targeted spearphishing attacks that regularly strike high-value targets. Its significance, though, lies in the timing. With Prime Day fast approaching\u2014bringing with it a barrage of legitimate deals emails from Amazon\u2014the sharks are circling.<\/p>\n \u201cCybercriminals take advantage of popular, highly visible events when consumers are expecting an increased frequency of emails, when their malicious emails can hide more easily in the clutter,\u201d says Crane Hassold, threat intelligence manager at the digital fraud defense firm Agari. \u201cConsumers are also more conditioned to receiving marketing or advertisement emails during certain times of the year\u2014Black Friday, Christmas, Memorial Day\u2014and cybercriminals format their attack lures accordingly to increase the chances of success.\u201d<\/p>\n At the very least, interest around the Amazon phishing kit appears high. McAfee says that DevilScreaM set up a Facebook group to sell licenses and provide product support\u2014like any good software startup\u2014nearly two years ago. By November 2018, the group had 200 members. As of last month, it had topped 300 members and 200 posts. And McAfee has identified over 200 malicious URLs\u2014that start deceptively with verification-amazonaccess, verification-amaz0n, and so on\u2014associated with the phishing kit. It\u2019s unclear how many people have actually fallen for the ruse, but fair to say that business is bustling.<\/p>\n McAfee notified Facebook that the 16Shop group exists, but as of Thursday night the social network had not yet taken it down. Facebook did not return a request for comment.<\/p>\n The good news is, the Amazon scam spree doesn\u2019t appear uniquely clever, which means the usual rules for protecting yourself<\/a> apply. Make sure that email comes from who it claims; in Gmail you can double check by clicking on the downward arrow next to your name. Don\u2019t open attachments unless you\u2019re sure it\u2019s from someone you trust. Similarly, don\u2019t type your information into a website that\u2019s not legit, which means taking a close look at that URL. (The green lock in the URL bar, sadly, just means your data is encrypted in transit, not that it\u2019s headed somewhere safe.) Get a password manager<\/a>, to limit the fallout if you do accidentally cough up your log-in details. And don\u2019t trust a deal that seems too good to be true\u2014even on Prime Day.<\/p>\n