These phishing emails are the result of a so-called phishing kit, which contains the tools an aspiring hacker would need to kick off a phishing campaign designed to target Amazon customers. While McAfee discovered this particular kit in May, it appears to be a spinoff of one that had targeted Apple users in the US and Japan last November. In both the Apple and Amazon campaigns, the kit makes it easy for anyone (even you!) to craft an email that looks like it comes from a major tech company, with a PDF attached. That PDF contains links to malicious sites that have been designed with great care to look like, in this most recent case, an Amazon log-in page. Anyone who falls for it will hand over the password to their Amazon account and any other on-line service that uses that same password. As with the previous Apple campaign, hackers will direct you to a web page that requests not just your name but also your birthday, home address, credit card info, and Social Security number.
The Take Away
The good news is that the this Amazon scam doesn’t appear all that clever so the usual rules for protecting yourself apply. If you get an email looks like it’s from Amazon, make sure that the message actually comes from who it claims. In Gmail you can check this by clicking on the downward arrow next to your name – if there’s a mismatch, you know it’s fake.
Also, don’t open attachments unless you’re sure it’s from someone you trust. And of course, don’t type your personal information into a website that’s not legit, which means taking a close look at that URL at the top of your browser window. If the website isn’t amazon.com – it’s not legit. Remember, don’t trust a deal that seems too good to be true—especially on Prime Day.
Stay safe out there.
Oh, and before I forget,
Be sure to tune in to INSIGHTS on PBS HAWAII on Thursday, August 1 st from 8-9pm. I’ll be live on the air with LARA YAMADA and a panel of other professionals to discuss cyber security issues that the general public should be aware of. See you then!