Amazon Phishing Campaign

Shortly before Amazon Prime Day, McAfee researchers discovered a phishing kit dubbed “16Shop” from DevilScreaM. The kit contains tools to target Amazon customers with marketing and advertisement emails for the upcoming popular event. DevilScreaM uses a Facebook group to sell licenses and provide support for the phishing kit. The phishing emails included in the kit appear to be from a major tech company containing a PDF attachment with a malicious link that, if clicked, directs the user to a fraudulent Amazon login webpage. If account credentials are entered and submitted, they are sent to the threat actors. The NJCCIC recommends users avoid clicking on links and opening attachments within unsolicited or unexpected emails, even those appearing to be from known senders. Users are advised to, instead, navigate to websites by manually typing the URL into the address bar of their browser. We advise users to refrain from responding to the email as this confirms delivery of the phishing email to the threat actor. Additionally, educating users about this and similar threats can reduce victimization. Additional details may be found in the Wired post.