Amazon Prime Day is easily one of the most popular shopping days of the year.

Unfortunately, that means it’s becoming one of the hottest opportunities for hackers to target unsuspecting online shoppers. Their goal? To steal personal data or financial information.

McAfee Labs has even uncovered a readily-available phishing kit designed to help cybercriminals steal personal information from Amazon customers in the US.

The kit allows hackers to create bogus emails that look like they’ve originated from Amazon. These emails prompt users to share their login credentials — but of course the form used to collect this data is also malicious. Once the victim submits their login, the hackers can use the victim’s account to make fraudulent purchases and to steal their saved credit card information. According to researchers at McAfee Labs, this phishing scam has already distributed over 200 malicious URLs to eager Amazon shoppers.

The phishing kit is being sold rather openly through a Facebook group with over 300 members. McAfee has notified Facebook of the activity, and the social network is active in shutting down these types of groups.

How does this threat affect your Prime Day shopping plans? Follow these security guidelines to help you avoid malicious cyberattacks:

  • Beware of compelling deals. If you see a Prime Day ad that looks too good to be true, chances are that the ad is a scam.
  • Be mindful of what you’re clicking. Think twice about ads shared on social media sites, emails, and messages sent to you through platforms like Facebook and Twitter. If you receive an unusual email or PM regarding Prime Day, it’s best to avoid interacting with the message.
  • Never enter your login details after clicking an email link. In most cases, you shouldn’t be clicking email links at all. If you happen to slip up and click a link that leads to a login page, leave immediately.
  • Don’t trust discount codes. If you get a discount code in your email inbox, verify it through directly rather than clicking on any links. Hackers will always try to get you excited about an offer so you click before thinking.

If you have any reason to think that your Amazon Prime account has been hacked, take the following steps:

  • Change your passwords. Change the passwords to any accounts you suspect may have been compromised. Make sure they are strong and unique. If you use the same login and password on any other platforms or accounts, change those as well.
  • Watch your bank account. One of the simplest ways to determine whether someone has stolen your credit card information is to monitor your bank statements. If you see any inexplicable charges, report it to the authorities immediately.

As always, be cautious with incoming emails — phishing is everywhere. To stay updated on all of the latest consumer and mobile security threats, follow NCC on Facebook and Twitter.