Amazon Prime Day 2022, an annual deal event on July 12-13 exclusively for Prime members, is a goldmine for phishers.
Amazon Prime Day might quickly turn into Amazon Crime Day for inattentive consumers, given that criminals are particularly active when millions of people scout for ridiculously good deals.
Cybersecurity experts repeatedly warn that if something sounds too good to be true, it probably isn't true. But with shopping events like Amazon Prime Day, good deals really do exist, and criminals capitalize on the consumer rush to grab the deal before it's over.
Amazon is already among the most impersonated brands. In the run-up to Prime Day, Amazon-themed phishing only proliferates.
An uptick in phishing
Check Point Research observed a 37% increase in daily Amazon-related phishing attacks compared to the daily average in June. The team discovered almost 2,000 new domains containing the word 'Amazon,' and one in ten was risky.
Last year, Check Point Research reported over 2,300 Amazon-related domains, with 78% being either suspicious or malicious.
“With a major spending holiday around the corner, phishers are at it again, trying to steal credentials and money,” Avanan, a Check Point company, said in a blog post on Monday.
Starting in June 2022, Avanan researchers have seen an uptick in spoofed Amazon attacks. Threat actors are trying to steal credentials in the hope that users will believe the email really comes from Amazon.
Common attack scenario
In this attack, described in the blog post, hackers dangle the promise of a sizable Amazon gift card if the user takes a survey.
From there, the link leads to what looks like the beginning of the survey. The survey page is different from what was suggested in the original email.
Eventually, the user is asked to enter their email and password to continue.
“This particular attack starts by utilizing Amazon’s name and credibility. When a user sees an email that appears to come from Amazon, they are more likely to trust it. The subject line, which refers to recent deliveries, is also something that seems plausible,” Avanan noted.
However, when hovering over the survey link, end-users will notice that the URL is not Amazon’s. The survey page mentions different deals to complete, which wouldn’t happen on Amazon.
“With Prime Day, Avanan researchers expect these attacks to spread like wildfire, making it even more important for users and companies to be on guard,” Avanan said.
The phishing links can come in many different forms, not only surveys. It might be an order confirmation – the email says that you’ve bought an expensive item and have to click on the link or call the given number to cancel it.
Scammers are in love with Amazon and are flooding inboxes with phishing emails. In many cases, the email doesn’t even contain a malicious link, as many fraudsters have switched to low-tech scams and will try to extract user credentials during a phone call.
How to protect yourself
Social engineering is an emotional game. Criminals manipulate our perceptions and feelings to trick us into doing something for their benefit. They try to disrupt our decision-making, which can be described with the OODA loop: a model for decision-making that stands for observing, orienting, deciding, and acting.
When scammers call you or send you an email, they always want you to take immediate action. You will not hear them say, 'reply whenever it's convenient to you' or 'at your earliest convenience.'
Probably the best advice here is to step back and take a moment to think so that you can make an informed decision. You can still make a mistake, but at least it will be an 'informed mistake.’
There are several simple things recipients can do to stay safe. Take a closer look at a sender's email address to confirm that the message comes from the branded company that seems to be sending it.
Even if a recipient makes the phone call to a fake sender, it is critical not to give sensitive personal information (e.g., banking information, social security number, date of birth) over the phone.
Another simple remedy is going straight to the website and checking your order history, which will likely not include the one referenced in the fraudulent email.
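The hover-over-the-link check described above (the URL is not Amazon's even though it uses Amazon's name) can be made mechanical. The following is an added example, not code from Cybernews, Check Point or Avanan; the allowlist of Amazon domains and the sample URLs are constructed for illustration.

```python
"""Flag links that use Amazon's name without belonging to Amazon.

Added, illustrative example. The allowlist below is constructed and
not authoritative; the sample URLs are constructed as well.
"""
from urllib.parse import urlsplit

# Constructed allowlist of registrable domains treated as Amazon-owned.
AMAZON_DOMAINS = {"amazon.com", "amazon.co.uk", "amazon.de"}

# Digits commonly swapped for letters in lookalike names (0->o, 1->l, 4->a, 3->e).
_DIGIT_SWAPS = str.maketrans("0143", "olae")


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host (three for .co.uk-style suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in {"co", "com", "org"} and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_link(url: str) -> str:
    """Classify a link as 'amazon', 'lookalike' or 'other'.

    A link counts as Amazon's only if the registrable domain of its host is
    in the allowlist. 'amazon.com' appearing anywhere else in the URL (as a
    subdomain, as userinfo before '@', or with swapped digits) is a lookalike.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""  # .hostname drops userinfo and port, lowercases
    if registrable_domain(host) in AMAZON_DOMAINS:
        return "amazon"
    suspect = (host + " " + (parts.username or "")).translate(_DIGIT_SWAPS)
    if "amazon" in suspect:
        return "lookalike"
    return "other"


if __name__ == "__main__":
    for link in ("https://www.amazon.com/gp/css/order-history",
                 "http://amazon.com.prime-survey-rewards.net/start",
                 "https://amazon.com@evil.example/login"):
        print(f"{classify_link(link):9s} {link}")
```

The registrable-domain heuristic is deliberately simple; a production check would use the public suffix list rather than the short rule here.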