Attackers prepare the best malicious Amazon Prime Day's deals


Buyers beware as phishing gangs come up with “better deals” than Amazon’s Prime Day. At least 170 new scam websites are ready to be deployed.

Amazon Prime Day is an annual deal event aimed exclusively at Prime members. It falls on July 11-12th this year and is a highly anticipated event for online shoppers. It’s also a prime (no pun intended) opportunity for cybercriminals to exploit unsuspecting users.

Similar to previous years, the cybersecurity experts at Veriti are witnessing a surge in phishing campaigns aiming to deceive users and steal their valuable credentials.

Social elements are often involved in bringing unsuspecting victims to a malicious site. Adversaries mostly use PDF-based attacks, spear phishing, malicious apps that impersonate legitimate Amazon apps, and lookalike domains.

At least 170 domains have been deployed by scammers hoping to deceive unsuspecting Amazon buyers. To stay safe, shoppers will need to be more aware and take proactive measures.

“Stay vigilant against PDF-based attacks, be cautious of suspicious emails, and verify the legitimacy of websites before sharing sensitive information. Furthermore, download apps only from official sources and review app permissions to ensure your privacy and security,” Veriti writes.

Let’s look at the four main methods cybercriminals are using this year:

1. PDF-based offers

One prevalent method that cybercriminals employ during Amazon Prime Day promotions involves sending emails with PDF files as attachments.

These files bear innocent-sounding names like "Amazon Prime Learning English Recommendations," or "Axis Bank Credit Card Amazon Prime Offer," and are designed to appear legitimate.

However, upon opening the PDF, unsuspecting users are directed to phishing websites. Those are meticulously crafted to mimic the official Amazon login page.

PDF malicious offer

The attackers employ AI-generated text, such as that produced by ChatGPT, to make the phishing sites look convincing.

Cybercriminals then collect the credentials that naive users unknowingly provide.

2. “The last email” before annual membership renewal

Targeted spear-phishing attacks are among the most successful forms of acquiring confidential information.

A particularly alarming campaign has recently emerged involving phishing links embedded directly within emails, along with a docx file containing a trojan.

The emails are skillfully designed to resemble legitimate communications from Amazon, enticing users to take immediate action.

For instance, subject lines like "Cancel Your Amazon Prime Membership Before the Annual Renewal" are used to trigger a sense of urgency.

Email based phishing

Upon opening the attached docx file, users unwittingly unleash trojan malware disguised within the seemingly harmless document. The malware then infiltrates the victim's system and grants unauthorized access to attackers.

That allows attackers to compromise sensitive information, monitor activities, or even gain control over the infected device. Additionally, clicking on the provided links takes users to fraudulent websites closely resembling the official Amazon page.

If users enter their credentials, they unknowingly hand them over to the attackers.

This massive two-pronged spear-phishing campaign is growing rapidly, with hundreds of users falling victim to it every day.

3. Lightning deals in “this malicious app”

In addition to email attachments, adversaries capitalize on the widespread use of mobile devices for online shopping. They create malicious apps that closely impersonate legitimate Amazon services, exploiting users' trust in well-known brands.

Malicious application

Once installed, malicious apps can snoop around user files, compromising their privacy and potentially leading to data theft. They usually gain excessive permissions, such as recording audio, sending SMS messages, accessing precise location, accessing the camera, and reading contact data, as well as unauthorized access to users’ devices.

4. Hundreds of websites just like Amazon

Cybersecurity researchers are concerned about the proliferation of lookalike domains. Attackers create hundreds of websites that closely resemble official Amazon domains. The websites are intended to deceive users into sharing their sensitive information and pose a significant threat to unsuspecting buyers.

Veriti collected a list of at least 170 domains. These websites are still under construction and are likely to be used in phishing attacks related to Amazon Prime Day. All domain names include variations of the Amazon brand name.

malicious domains

You can also check out one of last year’s most common attack scenarios – hackers promising a sizable Amazon gift card for participating in a fake survey.

Social engineering is an emotional game. Criminals manipulate our perceptions and feelings to trick us into doing something for their benefit. Usually, scammers want their victims to take immediate action.

There are several simple things you can do to stay safe. Firstly, take a closer look at the sender addresses to confirm that emails are actually coming from the branded company that claims to be sending them.

Secondly, it’s critical not to give out sensitive personal information (e.g., banking information, social security number, date of birth), especially if a recipient is persuaded to make a phone call to a fake sender. Another simple remedy is going straight to the original website without clicking any links. Also, before entering any credit card details, check whether your order history matches your original purchases.
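For defenders who want to automate the two checks described above (spotting domains that carry a variation of the brand name, and judging an email by its sender address rather than its display name), here is an added example that is not from Veriti or the original article. The allowlist, the character-swap table and every sample hostname (all on the reserved `.example` TLD) are assumptions constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

OFFICIAL = {"amazon.com"}  # assumption: registrable domains you treat as genuine
BRAND = "amazon"
# Constructed table of common character swaps; not taken from the article.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


def normalize(label):
    """Fold case, strip accents, undo digit swaps and 'rn'/'vv' lookalikes."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify(host):
    """Return 'official', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    # Only an exact match or a true subdomain of an allowlisted domain is official.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Otherwise inspect every label and every hyphen-separated part of it.
    for token in host.replace("-", ".").split("."):
        folded = normalize(token)
        if BRAND in folded or edit_distance(folded, BRAND) <= 1:
            return "lookalike"
    return "unrelated"


def classify_sender(from_header):
    """Judge a From: header by its address domain, ignoring the display name."""
    address = parseaddr(from_header)[1]
    return classify(address.rpartition("@")[2])


if __name__ == "__main__":
    for sample in ("www.amazon.com", "amaz0n-login.example", "books.example"):
        print(f"{sample:28} {classify(sample)}")
```

A name such as `amazon.com.account-verify.example` is flagged because the check looks at where the hostname ends, not at whether the brand appears somewhere inside it.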