An Amazon Phishing Scam Hits Just In Time For Prime Day


Amazon has confirmed that Prime Day 2019 will begin at 12 a.m. PT on Monday, July 15 and conclude at 11:59 p.m. PT on Tuesday, July 16.

However, keep a weather eye out for Prime Day-themed phishing campaigns that might hit your organization.

Wired reported that "Researchers from security company McAfee today have shared details of a so-called phishing kit, which contains the tools an aspiring hacker would need to kick off a phishing campaign, designed to target Amazon customers. While McAfee discovered this particular kit in May, it appears to be a spinoff of one that had targeted Apple users in the US and Japan last November. The kit is called 16Shop; its author goes by the handle DevilScreaM.

16Shop makes it easy for anyone to craft a phishing email

"In both the Apple and Amazon campaigns, 16Shop makes it easy for anyone to craft an email that looks like it comes from a major tech company, with a PDF attached. That PDF contains links to malicious sites that have been gussied up to look like, in this most recent case, an Amazon log-in page. Anyone who falls for it will have given up the keys to their Amazon account, and any other service for which they reuse that same password. As with the previous Apple campaign, those links direct victims to a page that requests not just their name but also their birthday, home address, credit card info, and Social Security number.

The use of major brands looks to leverage the subconscious lever of authority

“The use of major brands looks to leverage the subconscious lever of authority to invoke user interaction,” says McAfee chief scientist Raj Samani. At the very least, interest around the Amazon phishing kit appears high. McAfee says that DevilScreaM set up a Facebook group to sell licenses and provide product support—like any good software startup—nearly two years ago.

By November 2018, the group had 200 members. As of last month, it had topped 300 members and 200 posts. And McAfee has identified over 200 malicious URLs—that start deceptively with verification-amazonaccess, verification-amaz0n, and so on—associated with the phishing kit. It’s unclear how many people have actually fallen for the ruse, but fair to say that business is bustling.

McAfee notified Facebook that the 16Shop group exists, but as of Thursday night the social network had not yet taken it down. Facebook did not return a request for comment." WIRED has the story:

For KnowBe4 customers, we have a phishing template in the System Templates. Search for 'Prime Day' and the right one will pop up.
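The lookalike hostnames quoted above (verification-amazonaccess, verification-amaz0n) can be caught by a simple check on links pulled from mail or PDF attachments. The following is an added example, not code from McAfee, WIRED, or KnowBe4; the `.example` hostnames, the allow-list, and all function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: your own allow-list of genuine brand domains.
LEGIT_DOMAINS = ("amazon.com", "amazon.co.jp")
BRANDS = ("amazon",)
# Digit-for-letter swaps seen in lookalike hostnames (amaz0n -> amazon).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


def hostname(url):
    """Lower-cased hostname; tolerates a missing scheme and user@host tricks."""
    if "://" not in url:
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""


def is_legit(host):
    """True only for an allow-listed domain or a real subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def lookalike_reason(url):
    """Return why the URL looks like brand impersonation, or None."""
    host = hostname(url)
    if not host or is_legit(host):
        return None
    for brand in BRANDS:
        if brand in host:
            return "brand name in non-brand hostname"
        if brand in host.translate(LEET):
            return "brand name after digit-for-letter normalisation"
    return None


# Constructed sample: links as they might be extracted from a PDF attachment.
SAMPLE_URLS = [
    "https://www.amazon.com/gp/css/order-history",
    "https://verification-amazonaccess.example/signin",
    "http://verification-amaz0n.example/ap/signin",
    "https://amazon.com@verification-amaz0n.example/",
]


def scan(urls):
    """Return (url, reason) for every URL that should be held for review."""
    return [(u, r) for u in urls if (r := lookalike_reason(u))]
```

Only the hostname is inspected, so a brand name in the path of an unrelated site is not flagged, and the leading-dot suffix test keeps a host such as `notamazon.com` from passing as legitimate.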
