The curtain has fallen on Amazon Prime Day, one of the biggest online shopping events, which sparked countless deals. Your inbox might have been bombarded with emails from Amazon, such as Sold, Ship Now emails or Technical Notification emails. However, some of those emails were not really from Amazon; they were disguised attempts to steal your sensitive information. Some users who were not cautious, or who had not learned about Baits Used in Phishing Emails, may unfortunately have fallen into the traps.
How do phishers set traps for Amazon customers?
“Amazon is one of the top 20 companies implicated in phishing attempts,” Webroot’s Annual Threat report shows. In May, the security company McAfee discovered a phishing kit called 16Shop. It offers ambitious hackers the tools to launch a phishing campaign targeting Amazon account holders.
Specifically, malicious spoofers using 16Shop can send out emails that appear to come from Amazon itself. Moreover, the fake emails carry PDF attachments containing links that guide victims to bogus Amazon pages. If you are not careful, you may enter your login data and even your financial information there.
Devastating results of the scam
Giving away your sensitive data can have damaging consequences. Once the attackers gain access to the personal information in your Amazon account, such as your full name, home address, birthday, credit card information and even your Social Security number, they will probably use the data to commit identity fraud or credit card fraud.
How can you be a smart fish on Amazon Prime Day?
Cybercriminals not only use major brands like Amazon to make their emails look more authoritative and convincing, but also exploit such “popular, highly visible events” as Amazon Prime Day, when their forged emails can hide among the clutter of emails without arousing suspicion. So, how can you avoid taking the bait cast by increasingly clever phishers?
To begin with, you can’t be too vigilant when reading emails that come from, or ostensibly from, Amazon. Check whether the sender’s email address is from @amazon.com before you click on anything. Never click on a link in an email; instead, visit the official site by typing Amazon.com into your browser (Amazon provides detailed instructions on how to identify suspicious emails or webpages). In addition, you can set up two-factor authentication, which requires a unique security code in addition to your account password on new devices and thus better defends your account.
Nevertheless, even Homer sometimes nods. You may unconsciously overlook some cousin sender addresses and links (which are highly similar to the real ones). That’s why you need help from experts. Mr. Post, an add-in for Outlook, can not only visualize the email route, unveil the real sender and tell whether it’s legitimate or suspicious, but can also recognize a fake link even when it is hidden with ZeroFont, a technique popular for dodging Microsoft’s scam filtering.
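As an added example (not from the original article, and not a description of how Mr. Post works), the sketch below applies the @amazon.com check to a From header and then flags cousin domains that would pass a casual glance. The homoglyph table, the edit-distance threshold of 2 and the sample addresses are assumptions constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

TRUSTED = "amazon.com"  # the only domain the article tells readers to accept

# Assumed, deliberately small homoglyph table: digit zero and two Cyrillic letters.
HOMOGLYPHS = str.maketrans({"0": "o", "\u0430": "a", "\u043e": "o"})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Fold visually confusable characters so lookalikes compare equal."""
    d = unicodedata.normalize("NFKC", domain).lower().translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")

def classify_sender(from_header):
    """Return 'matches', 'cousin', 'other' or 'invalid' for a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain == TRUSTED or domain.endswith("." + TRUSTED):
        return "matches"
    # Compare both the full domain and its last two labels to the trusted name.
    tail = ".".join(domain.split(".")[-2:])
    for candidate in (skeleton(domain), skeleton(tail)):
        if edit_distance(candidate, TRUSTED) <= 2:
            return "cousin"
    # The brand name buried in some other domain, e.g. as a leading label.
    if "amazon" in skeleton(domain):
        return "cousin"
    return "other"

if __name__ == "__main__":
    samples = [  # constructed sample headers
        "Amazon <ship-confirm@amazon.com>",
        "Amazon <support@amaz0n.com>",
        "Amazon <support@arnazon.com>",
        "Amazon <billing@amazon.com.account-verify.example>",
    ]
    for header in samples:
        print(f"{classify_sender(header):8} {header}")
```

A From header can be forged outright, so a "matches" result only means the displayed address is not a lookalike; the SPF, DKIM and DMARC results recorded by your mail provider still decide whether the message really came from that domain.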