Amazon Prime Day 2024: Cybercriminals Are Ready, Are You ...

The Amazon Prime Day shopping festival is about to begin. This is when cybercriminals are highly active and can easily steal your personal details and money. Check out some scams to be aware of during the shopping festival and how to protect yourself.

Amazon Prime Day shopping festival is almost here. While it attracts millions of shoppers, it also attracts many cybercriminals ready to steal their personal information and money. Here are a few common types of scams and ways to protect yourself.

Amazon Prime Day is almost here. One of the year’s biggest online shopping festivals is happening on July 16 and 17. While the shopping event brings excitement to millions of consumers due to the massive deals it offers, it also brings excitement to several cyber criminals as it provides them with ample opportunities to steal consumers’ personal data and their hard-earned money.

In recent times, Prime Day has become known for its phishing scams. According to a 2023 study by Check Point Research, Amazon Prime-related phishing campaigns increased 16-fold in June compared to May. The overall increase in Amazon-related phishing was 8%.

The following are a few scams that usually occur during Prime Days:

1. Fake Sites

Fake sites are some of the most common forms of scams one can come across during this shopping event. While Amazon advertises several deals, several fake websites that look like legitimate ones do the same. According to a study by Check Point Research, more than 1,230 new domains associated with Amazon were registered in June 2024, and 85% of them were flagged as suspicious or malicious. A few examples of malicious sites are amazon-onboarding[.]com, amazonmxc[.]shop, and amazonindo[.]com.

Fake websites often have similar logos and designs, making them look genuine. They lure shoppers to enter their personal information, Amazon credentials, and payment details, which the scammers use to steal the money. Links to these websites can come from either emails or search results.

Several people also buy Amazon Prime memberships to take advantage of Prime Day deals. Part of this process is setting up a payment method. With such valuable information to share, fraudsters have devised various methods to trick customers into sharing their details. The Check Point Research study found that 1 out of 80 new Amazon-related domains identified as suspicious or malicious has the phrase “Amazon Prime”.


2. Phishing Emails

Phishing emails are another popular scam that targets consumers during this shopping event. Threat actors often send fake deals and security alerts that look official and legitimate, compelling recipients to download an attachment or click on links to claim a deal or address a security issue. These links, which lead to dangerous websites and attachments, are designed to steal users' personal information and login credentials or to exploit the device.

Talking about phishing emails and scams, Max Gannon, Cyber Threat Intelligence Manager, Cofense, told Spiceworks News & Insights, “Amazon customers should, of course, be aware of the usual phishing emails about the account needing a reset, payment information needing to be updated, and so on. What is likely to trip people up are the package notification emails that will start pouring in shortly after Amazon Prime Day, when everyone starts to expect a package.”

Kevin O’Connor, head of threat research at Adlumin, said, “Shoppers taking advantage of Amazon Prime Day savings event should be wary of potential phishing scams to steal their Amazon account login credentials and/or payment information. Adlumin has seen scams during past events and warns of a common technique where attackers email their target with a message claiming their Amazon Account has been accessed by an unknown party, device, or origin and contains a PDF file with the details. 

This email/pdf redirects users to a spear phishing site where their credentials and potentially entire browsing session with ‘Amazon’ can be captured by the attackers. This scam is made even more dangerous by the attackers, often including accurate personal information such as name, address, certain payment information such as the last digits of a credit card, or even social security number to legitimize their communications with the victim.”

Further, talking about the usage of AI in phishing scams, O’Connor said, “While Generative AI and large language models (LLMs) are being adopted by attackers across cyberspace, likely making phishing messages from some attackers less prone to common mistakes in language often giving away a scam, the threat to shoppers during Prime Day largely remains the same. The attackers aim to steal personal information, accounts, payment information or use auto-purchase, easy purchase, or saved payment information to purchase instantly delivered electronic gift cards or other digital items.”

3. Fake Customer Service Calls

Threat actors can exploit the excitement around Prime Day deals through fake customer service texts or calls. They often claim to be from Amazon or associated businesses and ask shoppers for their personal and highly sensitive information, like credit card details, to resolve issues related to their order or account.

4. Gift Cards and Unrealistic Deals

Besides these scams, some fraudsters may offer unrealistic deals on high-demand items that require immediate payment to lure consumers. This may result in receiving counterfeit products or nothing at all.

Another form of scam is through gift cards. Dr. Sean Costigan, managing director at Resilience Strategy, Red Sift, said about gift card scams, “Often, criminals trick people into laundering money via gift cards, with victims tricked into buying these under false pretenses, allowing fraudsters to launder funds swiftly and undetected.

Just recently, the FBI sent out an alert regarding an increase in activities by a cybercrime group known as STORM-0539. This threat actor targets US retail and corporate offices focusing on manipulating gift card operations. Their strategy involves phishing and SMS campaigns aimed at retail employees to gain unauthorized access to employee accounts and corporate systems within the gift card departments of national retail chains. This operation underscores the group’s financial motivations and highlights the ongoing risks to retail operations from sophisticated cyber threats.”

Dr. Costigan further cautions shoppers to watch out for too-good-to-be-true offers on gift cards.


Ways To Protect Yourself From Prime Day Scams

With scams on the rise during the shopping event, tech experts suggest the following ways to protect yourself:

1. Always verify emails and links

To protect yourself against phishing emails, always verify the sender’s email address and avoid clicking on suspicious links. As a rule of thumb, always be suspicious of links sent by email when the sender is not within your organization or close circle. It helps to double-check with Amazon customer care whether a link was indeed sent to you regarding any deals or security issues. You can also log in directly to your Amazon account through the official website for genuine offers or problems.

Further, always log in directly to Amazon’s official website to track the status of your goods instead of clicking links sent in emails.

“Honestly, just using the app is a great way to get notifications and fix problems while avoiding all of the pitfalls of emails that could be malicious,” says Gannon.

2. Learn to identify fake websites

To protect yourself against fake websites, learn to identify them. Always check the URL for any subtle differences from the official website. Ensure that the website address starts with “https://”. Navigating directly to Amazon’s official website is always safer than arriving through email ads or links.

If you plan to sign up for an Amazon Prime membership, always do so by logging into Amazon’s official website. The Prime option is in the Your Account section.
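The URL check described in this section, sketched as an added example that is not part of the original article: it extracts the host a browser would actually connect to and compares it against an allowlist. The allowlist containing only amazon.com and the function names are assumptions; the bracketed domains are the ones named in the article, and the remaining sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only domain this shopper treats as official.
OFFICIAL_DOMAINS = {"amazon.com"}
BRAND = "amazon"


def refang(text: str) -> str:
    """Undo the [.] notation used when suspicious domains are published."""
    return text.replace("[.]", ".")


def hostname_of(url: str) -> str:
    """Return the lower-cased host the browser would really connect to."""
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url  # bare domain such as amazonmxc[.]shop
    # urlsplit discards any "user@" prefix, so https://amazon.com@x.example
    # resolves to x.example, exactly as a browser would treat it.
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a URL or domain."""
    host = hostname_of(url)
    for domain in OFFICIAL_DOMAINS:
        # Match the domain itself or a true subdomain. The leading dot
        # matters: "notamazon.com" ends with "amazon.com" but is not it.
        if host == domain or host.endswith("." + domain):
            return "official"
    # The brand name appears somewhere in the URL, yet the host is not on
    # the allowlist: the "subtle difference" the article warns about.
    if BRAND in refang(url).lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://www.amazon.com/gp/prime",              # constructed
        "amazon-onboarding[.]com",                      # from the article
        "amazonmxc[.]shop",                             # from the article
        "amazonindo[.]com",                             # from the article
        "https://amazon.com.account-check.example/",    # constructed
        "https://amazon.com@login.example/signin",      # constructed
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

A valid `https://` prefix says nothing about which of these classes a site falls in; only the host comparison does.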

3. Avoid sharing sensitive information on the phone or text

To safeguard yourself against fake customer service texts and calls, avoid providing personal or financial information through text messages or over the phone. If you receive such a text or call, contact Amazon customer service immediately to verify issues instead of responding to these calls.

4. Always check customer reviews

Finally, always be aware of excessively cheap products and check reviews and ratings for these items before purchasing them. Stick to reputable sellers and compare prices with other websites to check if the offer is legitimate.

Further, fake reviews and ratings are a common problem on Amazon. Hence, be suspicious of extremely short reviews, generalized comments, and excessively complimentary reviews. You can use tools such as Fakespot and ReviewMeta to analyze reviews.

Conclusion

Phishing is a significant threat, hurting people by exploiting their sense of urgency to gain personal and sensitive information. These attacks peak during shopping festivals like Amazon Prime Day and Christmas due to the high volume of transactions and the urgency of deals. By staying informed and vigilant about fraudsters’ various methods of stealing sensitive information and money, you can have a safe and enjoyable Prime Day experience free from cyber threats.


Karthik comes from a diverse educational and work background. With an engineering degree and a Masters in Supply Chain and Operations Management from Nottingham University, United Kingdom, he has experience of close to 15 years having worked across different industries out of which, he has worked as a content marketing professional for a significant part of his career. Currently, as an assistant editor at Spiceworks Ziff Davis, he covers a broad range of topics across HR Tech and Martech, from talent acquisition to workforce management and from marketing strategy to innovation. Besides being a content professional, Karthik is an avid blogger, traveler, history buff, and fitness enthusiast.
