Amazon Prime Day(s) have come and gone for another year, and like so many of you out there, we at the Adaware Malware Labs Team, love doing our online shopping on Prime Days, in fact, sales figures from the two-day shopping extravaganza didn’t just do well, it broke records for the online commerce giant.
This year, however, it wasn’t just Amazon looking to separate you from your money, it was also cybercriminals. According to a recent report from Wired, a big phishing scam generated through the 16Shop phishing scam kit had attempted to scam victims into providing key details including their names, birth dates, credit card numbers, PINS, and social security numbers. The goal of this phishing scam was to steal the identity of unsuspecting online shoppers.
What is a Phishing kit?
A phishing kit is a collection of phishing tools, processes, and exploits that a cybercriminal puts together to make it easier for themselves and others to launch phishing attacks. The 165Shop phishing kit is a modified version of the original kit that had targeted Apple account holders in the United States and Japan in order to compromise their login data and credit card information.
How did this scam work?
The particular scam that was attempted followed this pattern
- The person received an email from Amazon (fake) asking them to log into their account (for security, shipping, update).
- If they did not access their account, they would not be able to access it on Prime Day
- This is a social engineering technique designed to push on the pain point of a customer potentially losing access to his/her Amazon account just prior to the time-sensitive Prime Day event. The goal is that you will react quickly without paying attention to the email or web page you’re visiting.
- Clicking on the provided link will take you to a fictitious landing page where you will be required to enter your username and password
- Doing this will result in getting your Amazon access stolen. From their scammers can access your account, and gain your full mailing address and telephone number.
- You will be then asked to reenter your credit card information including security PIN
- The cybercriminal will then have access to your complete credit card information.
The end result is that your complete information is stolen to be used for identity theft as well as being resold on the dark web.
Why these types of attacks work well?
Leading up to Prime Day, your inbox is inundated with countless emails notifying you of offers that will be soon available. With this quantity of emails, Cybercriminals figure that it would be easy to slip in a phishing email asking you to log into your account.
Events like Prime Day can create an atmosphere of urgency. With some products having limited quantities available, and some special offers only lasting for a few hours. Cybercriminals are fully aware of this and use behavioural engineering techniques to keep even the most security conscience online shopper off balance.
How frequently do these types of scams occur?
These types of phishing attacks happen with regularity throughout the year, but they are especially prevalent during significant events. Cybercriminals target highly visible events like Prime Day, Black Friday, Christmas, Thanksgiving or Boxing Day because they know that consumers are expecting an increased frequency of emails from businesses and marketplaces notifying them of potential deals.
How to prevent this type of scam?
Here is a quick checklist for making sure you don’t get caught by this type of phishing email:
When you are not sure, ignore it:
- If you are not sure, and you think it may be legitimate, you can call up the organization. (Never use the telephone number provided in the email.
Investigate who sent you the email:
- Look at the email address of the email that you received. If it is from a public domain like Gmail or Yahoo Then in all likelihood, it is a scam. Also, look at the domain and where it is from. If it’s not from the “amazon.com” domain, it might not actually be from Amazon.
Don’t open attachments from strangers:
- This goes without saying, but you will be surprised just how man people still open attachments from strangers.
Look at all hyperlinks
- Hover your mouse over hyperlinks to see where they’re actually pointing; if it is from a strange URL, it is a scam.
Install a good antimalware solution
- An antimalware solution like Web Companion is designed to alert you before you land on the drive-by download hijacked website. If you are unable to land on a hijacked site, your system will not be able to become infected with malware.
Make sure you have an updated antivirus solution installed
- Ensuring you have the right antivirus solution for your needs is critically important to prevent phishing attacks. The right antivirus solution, like Adaware, will detect and destroy any phishing attacks that may infect your computer.
Use a password manager
- A password manager will help to ensure that cybercriminals can not access all of your login credentials for every site.
Before your next online shopping spree pay close attention to the emails you read and the hyperlink you click. A little caution will go a long way.