Social engineering attacks take center stage on Amazon Prime Day 2024

A whopping 85% of 2024 domains associated with Amazon were flagged as malicious or suspicious.

Amazon Prime Day, which falls on July 16th-17th, can be a great way to save on some of your favorite Amazon items. However, while you shop, cybercriminals lurk in the background, waiting to steal your credentials.

While you bag the best deals, cybercriminals are working hard to siphon your personal information, which will be used for nefarious purposes.

Through phishing and other social engineering attacks, cybercriminals will attempt to steal your usernames, passwords, and even financial information by creating false web pages masquerading as official Amazon websites or by sending malicious emails.

This stolen information could then be used to defraud you by accessing your bank accounts and potentially hacking into your accounts if you have a habit of reusing usernames or passwords and don’t employ multi-factor authentication (MFA).

Malicious Amazon sites

Check Point Software Technologies (Check Point), a cybersecurity solutions provider, shared that the number of fake domains associated with the Amazon brand has increased alarmingly.

During June 2024, there were over 1,200 new domains and the majority of them (85%) were malicious in nature.

The company provided a few examples of fraudulent Amazon websites to avoid this Prime Day, as they only work to harvest your information:

  • amazon-onboarding[.]com: this is a brand-new domain designed to steal carrier-related credentials
  • amazonmxc[.]shop: this shop masquerades as Amazon Mexico and has a similar layout. However, fraudsters collect your login details when you type them in.
  • amazonindo[.]com: similar to the fake Amazon Mexico domain, when you input your credentials in the top right-hand corner, scammers collect them.

The cybersecurity solutions company identified 25 false domains that are used to siphon personal information from users.

Amazon Prime Day is an extremely popular event that attracts millions of users worldwide, meaning that more and more people have the potential to be scammed this Amazon Prime Day.

Check Point said that in 2023, Prime members bought approximately 375 million items worldwide and saved roughly $2.5 billion on a multitude of deals.

However, this opens the door to different types of social engineering attacks, which are becoming increasingly convincing.

Phishing attempts

There are various examples of phishing attacks and social engineering attacks. However, Check Point flagged two separate attempts to scam users out of their personal information by claiming their accounts would be suspended or blocked.

The phishers create a sense of urgency, prompting the user to make a hasty decision without properly considering it.

The fake Amazon website then prompts users to input their usernames, passwords, or bank information.

How to avoid scammers

Avoiding scammers this Amazon Prime Day should be relatively easy if you follow these steps:

  • Check URLs: make sure that the URLs go to a legitimate website. Be wary of misspellings in the URL or if sites are using a different top-level domain.
  • Use strong passwords: to avoid being hacked, make sure you use strong passwords for your Amazon account (and any account).
  • Employ Multi-Factor Authentication (MFA): in conjunction with strong passwords, use MFA, such as biometric authentication, to help secure your accounts.
  • Spot the HTTPS: make sure you check that the URLs start with “https://” as this protects data sent between the web browser and the website, making for a secure browsing experience.
  • Avoid sharing personal information: try to keep as much of your personal information offline as possible, especially sensitive information like your Social Security number, date of birth, and financial information.
  • Think before you click: when receiving an email or a link, verify that it’s legitimate, and don’t click on it immediately, as it may be malicious.
  • If it’s too good to be true, don’t fall for it: avoid suspicious offers, deals, and benefits by trusting your gut. If it feels too good to be true, it probably is.
  • Use credit cards over debit cards: credit cards offer a layer of protection when making payments online as they offer increased protection and limited liability if credentials are compromised.