Today (Monday, July 15, 2019) marks the start of Amazon Prime Day. Prime Day, which runs through tomorrow is a once-a-year event where Amazon.com places numerous items on sale at steep discounts. It is also a “prime” opportunity for scammers to send phishing emails and perpetrate other scams that can put your security posture at risk.
Cybersecurity firm McAfee reported that a popular phishing kit, called 16Shop, has recently turned its attention to Amazon. While the kit has been designed to scam Apple customers, a modified version is now targeting Amazon shoppers just in time for one of the biggest shopping days of the year. 16Shop enables malicious actors to send out emails disguised to look like they come straight from Amazon itself. The emails have PDFs attached that contain links that direct victims to a website that looks essentially identical to the Amazon login page. Of course, it’s not really an Amazon site. Instead, it’s a site designed to harvest information from unsuspecting victims who find themselves on the page. This information (such as reused passwords) can then be used to compromise corporate systems.
Other scams include spoofed sites, malicious coupon code redirects, gift card scams, and other phishing scams.
More can be found at:
Organizations should warn their user base about these scams. Users should make sure to visit the amazon.com web site by entering the site directly into their web browser, not by clicking on links in emails.
If you are an Assura managed Security Awareness and Training customer or Virtual ISO customer with Security Awareness and Training implemented, contact your Assura point-of-contact and we can run a Prime Day-specific phishing campaign for you.
Stay safe out there while enjoying the discounts.
The Assura Team