Amazon Prime Day Phishing Scam Creates Login Prompts in PDF Docs

Hackers have released a new do-it-yourself kit that allows people to easily put together phishing scams targeting Amazon users. Phishing email scams look to create authentic-looking web pages to trick users into logging in with their credentials, thus revealing their login details to scammers.

McAfee first noticed the so-called 16Shop phishing kit in action in November, when it was being used to create fake emails, supposedly from Apple, trying to gain access to people’s Apple accounts. The scam let hackers create a realistic-looking Apple sign-in page to steal your login credentials.

For Phishing scams, we normally tell you to examine the URL of any landing pages to make sure they look legitimate. We also advise you to only login to sites at their official domains, rather than through one linked by an attachment.

In this case, the login prompt is being generated to open a protected PDF document, no URLs are being displayed, and you were told that this would happen.

This is why in addition to checking the landing page URLs you always need to check the sender to make sure they match up with a legitimate domain and one that corresponds with the email you received.

When it comes to tax documents, you should be even more vigilant and reach out to the sender to confirm they sent you sensitive information via email.

Reference:

https://www.bleepingcomputer.com/news/security/clever-amazon-phishing-scam-creates-login-prompts-in-pdf-docs/