Cybercriminals are never hesitant to try and take advantage
of a big event and Amazon Prime Day is no exception.With every interaction being made online during the 48-hour
sale starting on July 15, infosecurity experts are putting out warnings on how
to avoid being scammed.“The increased internet traffic to a specific site with the
exchange of payment information makes this an easy crime of opportunity for
hackers. They know when and where consumers will be, and the type of
information shared,” said Francis Dinha, CEO of OpenVPN.
Email scams are one of the prime methods criminals use to steal information from the unwary at all times of the year, but McAfee is reporting that the 16Shop phishing kit has already been altered and been in the wild since May targeting Amazon account holders. The kit first cropped up last fall when it was used to go after Apple customers. The modus operandi has it sending an email claiming their account information needed to be updated, but instead sent the victim to a fake site where their information was stolen.McAfee found it has now been updated with an Amazon logo and text and is perfectly suited to fool Prime Day shoppers.Rick McElroy, head of security strategy for Carbon Black, noted three basic steps anyone can take to determine if an email is part of a scam. Regardless of whether the sender’s name looks legit check for spelling and grammatical errors along with containing odd URLs; view any request for personal or financial information as a potential red flag; only download attachments from a trusted source as a malicious document can contain malware.Additional dangers through email, third-party product
vendors and websites also exist. Monique Becenti, product and channel specialist
for SiteLock said consumers need to be aware of coupons, gift cards and
ensuring they go directly to Amazon and not through links. Becenti pointed out
that some coupons could in fact redirect a victim to a malicious site, one that
might look legit, but in fact is set up to steal information.“When shopping, it’s highly recommended to access Amazon’s
website directly through the browser – not through your email or a third party;
use two-factor authentication, use a credit card when shopping, and do not
process your transaction on a public Wi-Fi connection,” she said.In the same manner local fire departments suggest replacing
smoke alarm batteries when the clocks change for Daylight Saving Time, it’s
also a good to use Amazon Prime Day as a reminder to change your account
password, said Safe Smart Living. And as an added safety measure it suggests turning
on two-factor authentication at the same time.
Organizations and individuals have been warned by the FBI's Denver office regarding the increasing prevalence of scams that use fake online file converter sites to facilitate the spread of malware, ransomware, and other malicious payloads, CBS News reports.
Attackers, tracked under the UAC-0200 threat cluster, leveraged the Signal messaging app to deliver messages purportedly containing minutes of the meeting reports as archive files.
Attackers eventually used YouTube and Discord to promote the bogus cracked software downloader ArcanaLoader to facilitate the distribution of Arcane malware.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
