Don’t fall for these Amazon Prime Day phishing scams

By Kim Komando

July 15, 2019

Christmas has finally arrived! Christmas in July, that is, with the official start of Amazon Prime Day that kicked off at midnight Pacific time Monday.

It’s already rolled out incredible deals on its own line of tech, along with Apple products and items you didn’t know you wanted or needed. Just looking at the Prime Days deal page can be somewhat overwhelming — and that kind of distraction is exactly what cybercriminals are counting on.

During a fast-paced sales event like Prime Day, some concerns might come to mind such as: Am I getting the best deal? Will an item sell out before I can buy it? Valid concerns, sure, but there are other elements at play including bad actors who want to take advantage of you. And if you’re not careful, you might not even know you’ve been duped until it’s too late.

A Prime Day for phishing

We’ve already covered tips on how you can keep an eye out for fake deals during Prime Day, but that’s not the worst of it. These kinds of big events bring scammers out of the woodwork, and they’ll be out in full force early this week using methods like phishing scams to dupe you into handing over your info.

According to security researchers at McAfee, phishers are rolling out malicious emails relating to Prime Day that appear to come from Amazon. Inside will be links directing you to a fake login page and once you enter your credentials, those criminals will have immediate access to your Amazon account.

They’re using a phishing kit called 16Shop to carry out fake email campaigns but there are other risks besides links to malicious sites. Included PDF attachments will also try to trick you into giving up other sensitive data, including banking and credit card information, along with other personal details such as Social Security numbers.

Other Prime Day scam risks

Phishing isn’t just limited to emails, although you will find those to be more prevalent during shopping events where these scams can easily be mixed in with a legitimate deluge of emails coming from Amazon and other competing retailers. You also need to be wary of texts regarding “deals.”

Amazon tends to put a spotlight on its coupons during Prime Day, and those can be spoofed through emails and texts. Just like the fake login page, these can redirect to a bogus site that looks like Amazon and just waiting for your payment details to be entered.

 

YOU MIGHT ALSO LIKE: 7 THINGS YOU SHOULD BE DOING WITH YOUR AMAZON PRIME ACCOUNT

 

Again, it’s scammers looking to capitalize on your haste during sales events where you have to make relatively quick decisions on purchases. Luckily, you can protect yourself from getting duped.

Protecting your sensitive info during Prime Day

While a good practice year-round, it’s especially important to take a closer look at emails regarding Prime Day and other sales. The risk becomes greater because McAfee says a specific Facebook group is making it easy for scammers to get their hands on the 16Shop phishing kit mentioned above. And get this, the group hasn’t been shut down yet. Go figure.

Here are some ways to stay protected:

• Don’t trust an email just because it says it’s coming from a legitimate web address. It can be easily faked, so the best practice is to avoid clicking on links and instead navigate to websites manually by typing the URL into another tab or window. Take this test to see how well you can spot phishing email attempts by clicking or tapping here and check out other tips here.
• Watch for unsolicited text messages promising big discounts and coupons. Do not click on any links and block the sender.
• Use two-factor authentication on your Amazon account and any other online account that offers that extra layer of security. Learn more by clicking or tapping here.
• Make sure to use sophisticated and unique passwords for each of your online accounts. All it takes is for one to be compromised before exposing your other accounts.
• Use a VPN to encrypt your online activity. Learn more about the service we recommend, ExpressVPN, by tapping or clicking here.

You can also report any suspicious emails, texts or spoofed websites you come across to the Federal Trade Commission. Here’s how to do it:

• Forward phishing emails to the FTC at spam@uce.gov and to the Anti-Phishing Working Group at reportphishing@apwg.org.
• Forward phishing text messages to SPAM (7726).
• Report phishing attacks to the FTC at ftc.gov/complaint.

We may receive a commission when you buy through our links, but our reporting and recommendations are always independent and objective.

Tags: Apple, cybercriminals