Amazon wants you to spend a lot of money on Prime Day, but they’re not the only ones. A report from Wired explains there’s a big scam called 16Shop trying to trick people. This scam wants people to give their names, birthdays, credit card info, and social security numbers for fake Prime Day deals.
McAfee shared in a blog post that 16Shop first started by targeting Apple account holders. These people got an email with a PDF file. The file looks like this:
When they clicked the link in the PDF, it took them to a page that looked like it was for signing into their Apple account, but it wasn’t real. The sign-in page looks like this:
Now, 16Shop is doing something similar with Amazon. They send emails trying to get people to go to a fake Amazon sign-in page. Remember, these pages are not real.
How to not get suckered by phishing emails
If you get an email that looks strange, or it asks you to open an attachment, do not open it. Do not click any links in the email. Do not give out personal information that you usually wouldn’t need to give when signing into accounts like Amazon or Apple.
If you or someone you know isn’t great with technology and needs help, here’s a simple checklist to avoid falling for a tricky email:
Check who sent the email: Your email might say a message is from “Amazon,” but check the actual email address it came from. On Gmail, you can click the little arrow next to the “to me” line under the sender’s name to find this. Look at the “From:” line. If the email doesn’t end with “@amazon.com,” it might not be from Amazon.
When in doubt, ignore it: If a company really needs to contact you, they will send another email. You can also call their customer service to check if they are really trying to reach you.
Ask a tech-savvy friend: If you’re not sure about an email, show it to a friend who knows a lot about technology. They can help you see if that email really is from Amazon or not.
Don’t open attachments if you weren’t expecting one: If you get an email attachment you weren’t expecting, be careful. Think about it: why would Amazon send you a PDF instead of just writing in an email? If the attachment looks odd, don’t open it.
Hover your mouse over hyperlinks: When you see a link in an email, don’t just click on it. Move your mouse over the link without clicking to see where it really goes. If the link says it’s from Amazon but points somewhere strange, it’s not really from Amazon. This is a simple, but effective trick.
Look at your browser’s address bar, not the website on the screen: When you click a link, look at the top of your web browser where the website’s address is shown. Even if the page looks real, the web address might tell you it’s fake. For example, if it says something like amazon.scam.com, that’s not the real Amazon site.
Use a password manager to keep your login information safe. This helps you use different, complicated passwords for different sites. If scammers get your password from one site, they won’t be able to use it on other sites.
Think about what information you usually give. If you always log into Amazon with just your username and password, and Amazon has your credit card saved, why would they ask for your full credit card number or social security number again? Be very suspicious if this happens.