Watch Out for Phishing Emails Exploiting Amazon Prime Day Deals

Despite its name, Amazon Prime Day is a two-day discount campaign conducted by online retail supergiant Amazon that takes place on the 13th and 14th of October. As the world gears up for reckless shopping, security researchers warn that cybercriminals are ramping up their activity as well, aiming to make the most out of Amazon's campaign.

Amazon Prime Day is a huge deal. Within the span of just two days, the event shifted more than $7 billion worth of products in 2019. Forecasts for this year are pegging the sales to be even higher, due to the Covid-19 pandemic and the increasing preference for online shopping over brick-and-mortar stores.

However, with millions of people going online to buy goods on Amazon, cybercriminals are also ramping up their activity and are creating phishing websites and campaigns that attempt to abuse Amazon's brand and name. Security researchers with Bolster Research warn of a massive increase in phishing and fraudulent sites attempting to trick people into thinking they are interacting with official Amazon services.

The research covers millions and millions of web pages in an attempt to find fraudulent Amazon brand name use and malicious websites. The usual goal of the criminals is to somehow lure the victim into filling out a form with their login credentials or other sensitive information.

A recent fraud was attempted using the domain amazoncustomersupport dot net (which has now been taken down, it seems) that mimicked the interface of Amazon's official site and was set up to seemingly handle product returns and order cancellations relating to Prime Day purchases.

One huge red flag that the site is a fraud is that it asked users to enter their credit card information once more - something the legitimate Amazon refund process never does, as it always refunds the money to whatever payment method and account were originally used.

Other Amazon-focused scams include a website that promises visitors free gifts - a tried and tested form of social engineering. The bait here is a free iPhone 11 Pro, but that can only be won after filling in a fake survey and then entering credit card details into a phishing form that asks for a fake $1 shipping fee. Anyone who has been using the Internet for a while and has seen dozens of similar scams should be able to smell the problems from a mile away.

There is no big secret to staying safe while shopping on Amazon this year, just like the year before. Customers just need to follow a few simple rules to stay safe.

  1. Never attempt to interact with any Amazon website that is not Amazon.com (or the respective domain depending on your territory, e.g. Amazon.ca, Amazon.co.uk, Amazon.de, etc.)
  2. Never trust random e-mails promising free gifts and expensive gadgets for fake, low shipping costs.
  3. Never call any phone numbers or follow links from suspicious e-mails or web pages that are not Amazon's official website.
  4. Never enter your credit card information in any forms that appear on pages that are not Amazon.com or the respective domain of your territory.

Those four simple rules can almost completely eliminate the risk that your credentials or credit card information will be phished and your account emptied by a criminal on the other end of the globe.
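Rule 1 can be checked mechanically, for example in a mail filter or link scanner. The sketch below is an added example, not code from Bolster Research or Amazon; the function name, the labels it returns and all sample links except the domain named in the article are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Storefront domains named in rule 1; the article's "etc." is not expanded here.
OFFICIAL_DOMAINS = ("amazon.com", "amazon.ca", "amazon.co.uk", "amazon.de")
BRAND = "amazon"


def classify_link(url: str) -> str:
    """Classify a link by the host the browser would actually connect to."""
    if "://" not in url:
        url = "https://" + url  # bare "host/path" strings copied from a mail body
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    # Official only if the host IS a listed domain or a true subdomain of one.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand name in the authority part (host or userinfo) of a non-official link.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample links; only the amazoncustomersupport domain comes from the article.
SAMPLES = [
    "https://www.amazon.com/gp/css/returns",
    "https://AMAZON.DE:443/",
    "amazoncustomersupport.net/returns",
    "https://amazon.com.prime-deals.example/login",
    "https://amazon.com@gifts.example/iphone",
    "https://notamazon.com/",
    "https://shop.example/deals",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

The brand substring match is a triage signal only: it does not catch misspelled or look-alike-character domains, so anything not classified "official" still deserves the caution the rules describe.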

October 9, 2020
