Watch Out for This Amazon Prime Day Scam

It's almost Amazon Prime Day, and that means it's open season for scammers and phishers to prey on bargain-hungry shoppers. Security firm McAfee today (July 12) revealed that a phishing campaign has retooled its previously Apple-based scam to now focus on Amazon.


The scam, called "16Shop" after the software the phishers use, begins with an email telling you that your account has problems. There's an attached PDF file, and if you open that and click a link within the PDF, you'll be taken to a very real-looking Amazon login page on a malicious website.

Of course, if you log into the page, the crooks steal your login credentials and can use them to hijack your account. They may get greedier and ask you to confirm your name, date of birth, address, account number and credit-card number, including the security code -- the full Monty of identity theft.

Needless to say, Amazon or Apple would not ask you for all this information as the result of a link in an emailed PDF. Anything that behaves this way is a scam.

To prevent your account being hijacked, be sure to turn on two-factor authentication for your Amazon and Apple accounts, and any other account that offers a 2FA option: Dropbox, Facebook, Microsoft, Twitter and more. If possible, opt for an authenticator app rather than a texted code as the second factor, as text messages can be spoofed.


The 16Shop campaign was started in the fall of 2018, and is still primarily run, by an Indonesian hacker who calls himself "DevilScreaM" and sometimes even uses what may be his real name. He runs a private Facebook group to sell licenses and provide tech support for the software. (Professional cybercriminals often market and support their products like any other software maker.)

But the 16Shop software, which automates the creation and sending of phishing emails and booby-trapped PDFs in at least 10 different Asian and European languages, has been cracked, cloned and redistributed by other criminals. There's even one pirated version that steals from the thieves, secretly sending all funds collected to a hidden email address unknown to the phisher using the software. 

The Amazon variant of 16Shop appears to be the "real" thing, inasmuch as the Facebook account thought to be controlled by DevilScreaM has changed its avatar to a modified Amazon logo. Any crook owning a license to the "real" 16Shop will now be targeting Amazon accounts instead of Apple ones.

This won't be the only scam targeting Amazon shoppers on Prime Day, which will actually be two days this year, June 15 and 16. Nor will Amazon shoppers be the only ones targeted, as Best Buy, eBay, Macy's, Target and Wal-Mart plan to offer their own sales for what's turning out to be Christmas in July for U.S. -- and now also Australian and U.K. -- retailers. 

So beware messages that promise great deals that skirt the edges of belief. Emails are the tried-and-true vehicle of choice for scammers, but other methods work too. Text messages, pop-up windows in web browsers, and even Facebook, Instagram and Twitter postings and direct messages can all be used to lure eager shoppers to phishing websites.

Again, if it seems too good to be true, it probably isn't true. And if your curiosity or thirst to get a good deal overwhelms your common sense, at least do yourself the favor of NOT clicking the link in the message. Instead, use a web browser to go to the retailer's website to see if that great deal is for real.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
