Amazon Prime Day is just about here, and the massively popular online-shopping event, which happens Monday but has already sparked teaser deals, probably won’t go unnoticed by hackers. You should be very careful if you get an email that claims to be from Amazon, or you might wind up getting tricked into giving away log-in data and financial info.
On Friday, security company McAfee called attention to a phishing scam it first discovered in May that targets Amazon account holders. Based on an earlier phishing package called 16Shop that was originally aimed at people with an Apple account, the Amazon Phishing Kit lets hackers send you a bogus email masquerading as a missive from Amazon. McAfee says links in these emails point to equally bogus Amazon pages designed to fool you into entering sensitive information like your username and password.
So what can you do? Well, it’s probably best to be paranoid and play it safe. Phishing emails like these come in a variety of forms, but one popular ploy is to “warn” you of account changes or other potentially worrisome activity. Don’t fall for it. And don’t — we repeat, don’t — start thoughtlessly clicking links. Here’s McAfee’s advice:
“We recommend that if users want to check any account changes on Amazon, which they received via email or other sources, that they go to Amazon.com directly and navigate from there rather than following suspicious links,” the company said in its blog post about the Amazon Phishing Kit.
And here’s our guide to how to spot a phishing email. Be careful out there. And happy shopping.