Amazon Prime Day sale could be targeted by phishing kit ‘16Shop’: McAfee
This phishing kit had first targeted Apple users. McAfee researchers also found it targeted Amazon users in May this year.
Ahead of Amazon Prime Day (July 15-16), McAfee Labs researchers have warned that bad actors could use a phishing kit dubbed "16Shop" to target customers of the retail giant.
The same kit was earlier found to be used to target Apple users.
"The author of the kit goes by the alias DevilScreaM. We gathered lots of information on this actor and found that this individual was involved in the Indonesian hacking group 'Indonesian Cyber Army.' Several websites were defaced by this group and tagged by DevilScreaM in 2012," security researchers Oliver Devane and Rafael Pena wrote in a blog post on Friday.
The McAfee Labs researchers said that they found a new phishing kit targeting Amazon account holders in May 2019.
Looking at the code of the kit, they discovered that the kit shows similarities to the 16shop kit that targeted Apple users back in November 2018. Malicious actors used this kit to target Apple account holders in the US and Japan. Typically, the victims receive an email with a pdf file attached.
When the victims click on the link in the attached pdf file, they are redirected to a phishing site where they will then be tricked in to updating their account information, which often includes credit card details. The same kit is now being used to target Amazon account holders.
"Around the same time that we discovered the Amazon Phishing Kit, the social media profile picture of the actors we believe are behind 16shop changed to a modified Amazon logo. This reinforces our findings that the same group is responsible for the development of the new malicious kit," the researchers wrote.
"We believe that victims of this kit will be led to the malicious websites via links in phishing emails.
"We recommend that if users want to check any account changes on Amazon, which they received via email or other sources, they go to Amazon.com directly and navigate from there rather than following suspicious links," Devane and Pena wrote.