Security experts warned online buyers to be vigilant while shopping online, as cybercriminals are taking advantage of the Amazon Prime Day sale to steal sensitive information.
Computer security company McAfee stated that they’ve discovered a new version of a phishing kit, which is being observed since 2018. The new phishing kit, dubbed 16Shop, has been used by malicious actors to target Apple account holders in the United States and Japan, according to McAfee. It’s said that the new version is using to target Amazon customers for the biggest shopping day of Amazon, which is starting from July 15, 2019.
In this type of attack, the victims receive an email with a pdf file attachment that looks like an original email alert you would get from Apple, Amazon, or any other tech company. If the users click on the link in the attached pdf file, they are redirected to a fake site where they trick the user to enter sensitive information like bank account number, debit, and credit card details.
“Most phishing kits will email the credit card and account details entered on the site directly to the malicious actor. The 16Shop kit does this, too, and stores a local copy in other text files. This is a weakness in the kit because anyone visiting the site can download the clear-text files (if the attacker uses the default settings),” McAfee said in a statement. “The kit includes a local blacklist, which blocks certain IP addresses from accessing the website. This blacklist contains lots of IPs of security companies, including McAfee. The blacklisting prevents malware researchers from accessing the phishing sites.”
Meanwhile, Amazon suggested users don’t open any attachments or click any links from suspicious emails. The E-Commerce giant urged its customers to follow basic security measures while shopping.
Amazon recently suffered a fraud attack in which hackers siphoned funds from its merchant accounts over six months last year. The Seattle-based e-tailer stated that unknown cybercriminals broke into around 100 seller accounts and siphoned money into their own accounts, the Bloomberg reported. Amazon said the hack took place between May 2018 and October 2018, and it’s unclear how much money was stolen in the incident.
According to Amazon’s legal team, the hackers managed to alter account details on the Seller Central platform to their own at Barclays Plc and Prepay Technologies Ltd. It’s believed that the accounts were compromised by using phishing techniques that deceived sellers into giving up sensitive information. Amazon stated that its investigation is still ongoing and asked the London judiciary for approval of searching the accounts of hackers.