How to stay safe on Amazon Prime Day


Amazon Prime Day is a goldmine for cybercriminals. Here are a few tips on how to stay safe while looking for the best deals.

In the run-up to Prime Day, Amazon-themed phishing only proliferates. Held on July 12-13 this year, an annual deal event quickly turns into Amazon Crime Day as crooks exploit the inattentiveness of customers in a hurry to grab the best deal before it expires.

ADVERTISEMENT

Cybercriminals set up thousands of phishing domains to trick consumers into sharing their credentials and banking information. Phishing links can come in many different forms. For example, it can be an email saying that you've bought an expensive item and have to click on the link or call the given number to cancel it.

Are you scouting for the best deals too? We've reached out to Dave Hatter, a cybersecurity expert at IntrustIT, for a few tips on how to stay safe during this shopping holiday.

"Be skeptical! Scammers send very realistic spoofed emails that appear to be from Amazon that attempt to steal your credentials (username and password)," he told Cybernews.

Fraudsters might claim there's an issue with your order. Don't forget you probably haven't even ordered anything yet.

They might also fake Amazon's deal. If it's too good to be true, it probably isn't.

Also, note that scammers impersonate not only Amazon. You might receive a spoofed email that appears to be from UPS or FedEx, claiming there's an issue with your delivery.

A few more tips from Hatter:

ADVERTISEMENT
  • Don't click the link in any email that appears to be related to an Amazon order (or any other online order). Go to Amazon.com, log in and check your orders.
  • Enable multi-factor authentication (MFA) on your Amazon account so that even if they get your credentials, they can't log in. MFA is also called two-step verification or two-factor authentication. Even better, turn on MFA on all your accounts.
  • Install software patches and firmware updates regularly for all connected devices – computers, tablets, phones, routers, and internet of things (IoT) devices.
  • Make sure you have current operating systems.
  • Use anti-malware/endpoint protection on all devices that allow it.
  • Use a firewall.
  • Use encryption (at rest and in motion). Look for the lock icon and https:// in the URL.
  • Take a zero-trust stance – trust nothing, verify everything
ADVERTISEMENT

"Remember, just because you're paranoid doesn't mean they're not out to get you," Hatter concluded.