July 12th is the second day of Amazon Prime Day which is odd to say. Amazon really should change the name for the two day event to Amazon Prime Days. Amazon Prime Day is a global promotion of Amazon featuring sales on a variety of items available solely to Amazon Prime members. There is always great interest in Amazon Prime Day and as with everything else that attracts great interest by the public, it also attracts great interest by scammers who are eager to take advantage of people participating in Amazon Prime Day.
The security company McAfee identified a phishing kit specifically tailored for Amazon customers. This kit is called 16Shop and its creator uses the alias DevilScreaM. Following the business model of the creators of much of today’s malware, DevilScreaM makes his or her money by leasing the malware created by him or her on the Dark Web to other less sophisticated cybercriminals. The Dark Web is that part of the Internet where criminals buy and sell good services. The 16Shop malware can be used to create an official looking email that appears to come from one of the major tech companies. This email comes with a PDF attached that appears to be an Amazon log-in page. Anyone who falls for the scam and provides his or her Amazon password and account information will have turned over that information to a scammer who will use it to buy items that will be charged to the credit card of the Amazon account holder.
Much of malware including ransomware comes as links in phishing emails or tainted attachments. As a general rule you should never click on links or download attachments that come in emails unless you have absolutely verified that the email is legitimate. You also should never provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication is legitimate.
Phishing emails and more specifically tailored spear phishing emails can often appear quite legitimate initially so it is important to be skeptical. Because Amazon Prime Day is now going on, many people expect emails from Amazon which is even more reason for you to be skeptical. Trust me, you can’t trust anyone. Check the email address of any communication that appears to have come from anyone to make sure that it is the real email address. Many phishing emails come from email addresses that have no relation to the real email address of the company they purport to be while others look very legitimate unless you carefully examine the email.
When going to what purports to be an Amazon page, the URL should begin with “Amazon.com.” To be sure that you are actually on the real Amazon website, you can check the domain name to make sure that it is not a counterfeit by going to the website https://www.whois.com/whois/ where you can type in the domain name and learn who actually owns it. If your Amazon website appears to be owned by someone in Nigeria, for example, you know you have a problem. The security company Check Point recently identified 1,500 counterfeit Amazon websites.
It is also important to remember that you should not use your debit card for anything other than as an ATM card. Use your credit card for online and offline purchases because the law protects you much more from fraudulent purchases than a debit card does. If you do not promptly report misuse of your debit card, you could potentially lose the entire bank account tied to your debit card while the maximum liability for misuse of your credit card is only fifty dollars and most credit card companies don’t even charge you that amount.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in our email address on the tab that states “Sign up for this blog.”