Phishing attacks and hacker-controlled domain registrations are surging as Amazon Prime Day draws near, Check Point said in a blog post on Wednesday, June 5.
Prime Day, scheduled for June 11 to June 12, is Amazon’s biggest sale event, and cybercriminals are looking to cash in on it. The Check Point Research team found a 16-fold increase in Amazon Prime-related phishing attacks in June compared to May.
“During this period, there were almost 1,500 new domains related to the term “Amazon” of which 92% were found to be either malicious or suspicious,” Check Point said.
On Friday, the Better Business Bureau (BBB) also warned that cybercriminals will leverage Amazon Prime Day to scam unsuspecting victims. The BBB cautioned shoppers to be on the lookout for Prime Day scams like phishing links, fake websites, and misleading ads.
Scammers are Impersonating Amazon Prime in Phishing Attacks
Check Point’s blog post detailed how cybercriminals mimic Amazon and craft convincing messages to trick recipients into sharing personal or financial details.
“Cybercriminals are leveraging this festive shopping occasion by carrying out phishing attacks, preying on unsuspecting shoppers,” Check Point said.
Check Point showed examples of phishing emails designed to steal credentials like credit cards and Amazon Prime account details. The emails, which look like they were sent from Amazon, direct victims to click on malicious links.
In one instance, “The website redirected the user to a fraudulent Amazon payment page that looks like the real site with minor changes (For example, “Cvv” instead of “CVV”).In the malicious link, the user needed to enter credit information. The link is currently inactive,” Check Point explained.
Shopping Safely on Amazon Prime Day
The U.S. is a prime target for cybercriminals. With over 60,000 items purchased per minute on Prime Day in 2022, threat actors will be eager to use this popular sale event to snare potentially gullible targets. The credentials stolen in phishing attacks are often sold on the dark web. A recent study by NordVPN revealed that a large percentage of stolen card details on the dark web come from the U.S.
Check Point offered security recommendations to enable shoppers to spot and avoid falling victim to Amazon Prime Day scams. Among other things, the researchers recommend inspecting the domain of the website you’re shopping on and ensuring it’s Amazon.com.
The report warns users to beware of bargains that seem too good to be true.
“This will be tough to do, as Prime Day is all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity,” Check Point said.
The researchers also recommend creating a strong password for your Amazon account and sticking to credit cards.
“During Prime Day, it is best to stick to your credit card. Because debit cards are linked to our bank accounts, we are at much higher risk if someone is able to hack our information. If a card number gets stolen, credit cards offer more protection and less liability,” Check Point said.
VPNOverview recommends you only buy from sites you know and trust. Check for a padlock in your browser’s URL bar, and look through your bank statements regularly for unusual activity. For additional protection, we recommend using a VPN when shopping online. A VPN encrypts your internet traffic, protecting you from hackers, scammers, and other malicious parties. For more tips, read our comprehensive shopping safety guide.
Follow VPNOverview on Twitter for the latest cybersecurity news!
