Phishers, scalpers, and porch pirates ready to ruin your Amazon Prime Day


All the best deals grabbed by scalper bots, bad deals camouflaged by fake reviewers, fake deals offered by phishers, money targeted by scammers, and even packages at risk with porch pirates raiding the streets. Here are some tips to stay safe during Amazon Prime Day.

Amazon Prime Day kicks off on October 10th, starting a busy season for cyber crooks. Every year, they find new ways to exploit the inattentiveness of victims who are hurrying to grab the best deals before they expire.

Competing with scalpers

Have you ever considered why the best deals sell out as soon as they’re announced? Scalpers snatch up high-value goods and sell them with a considerable mark-up, and Amazon Prime Day is a ‘prime day’ for these opportunists.

Antoine Vastel, Head of Research at fraud detection & mitigation platform DataDome, observed fraudsters utilizing ‘scalper bots’ during major sales days.

“Huge sales like Prime Day represent a lucrative opportunity for retail arbiters to get their hands on hot ticket items for less, only to resell them for profit elsewhere. And they may be willing to conduct high volumes of scraping requests to detect well-priced goods,” he said.

Out of 110.9 billion web requests to e-commerce sites from Q4 last year, only 47% were human, DataDome analysis revealed. Last year’s Prime Day week drove $22.4 billion in US online sales.

Bad bots and fraudsters are experts in timing and sequencing attacks for the greatest returns. Not only do they ruin the experience for genuine shoppers, but they are also bad news for online retailers, as the bots can slow websites, remove the competitive edge, and reduce overall revenue.

There’s not much advice to give individual buyers, other than to be prepared and persistent and to have their autofill forms ready, preferably on multiple devices.

Ratings, even listings, are sometimes not real

You should also be careful when basing your purchases on reviews. In the extreme cases of review manipulation facilitated by review brokers, you may end up with a counterfeit product that doesn't live up to your expectations or its purported quality.

Amazon has taken many actions against fake listings with fake reviews that harm customers and sellers, but so far, there’s been no stopping them. Amazon proactively blocked more than 200 million suspected fake reviews in 2022. As of the end of August, Amazon has taken legal action against 147 fraudsters across China, Europe, and the US.

Even genuine reviews may be misleading as sellers employ soft manipulations to place their products in a better light. Amazon has a vast ecosystem of third-party sellers.

How could that newly released graphics card have thousands of positive reviews and a 4.6-star rating on Amazon already? Well, it doesn’t. One seller decided to add a new product as a “style” of existing older products from different price/quality categories for you to choose from. Thus, the new “style” inherits the old rating, leaving some buyers unaware that those “styles” represent completely different products. It’s like selling a Lincoln and a Ford Focus in the same listing with the same rating.

Here’s an example where a budget RX 6400 video card and a premium one – RX 7900 XTX – are sold under the same umbrella. While not a scam, this kind of seller manipulation may trick users into expecting a far better product than they actually receive.

[Image: styles of products on Amazon]

To protect yourself before buying, check the products and reviews for red flags, such as generic, vague praise that lacks detail, or a mismatch between the actual product and its reviews, the “Frequently bought together” section, or other sections. Tools such as Fakespot may also help.

Phishers offer deals too good to be true

Each time Prime Day comes, phishing gangs have many fake websites deployed to trick users into clicking and entering their payment details.

This year, Check Point Research (CPR) found 16 times more malicious Amazon Prime-related phishing attacks during the month of June compared to May. During this period, there were almost 1,500 new domains related to the term “Amazon,” 92% of which were either malicious or suspicious.

Phishers employ many tactics, such as:

  • PDF-based offers that only look legitimate but lead to scam websites.
  • “The last email” before annual membership renewal, skillfully designed to resemble legitimate communications from Amazon.
  • “Lightning deals” offered if you download malicious apps, which gain permissions to your phone data.
  • Fake gift cards for participating in fake surveys.
  • Other social engineering attempts to bring you to an Amazon clone. Phishing links can come in many different forms.

The goals of attackers are to gain access to your account and payment methods, to trick you into spending money via malicious links, or to gain your personal information for use in later spearphishing attacks.

To protect yourself, watch for misspellings of the Amazon domain name: check that no letters or symbols are changed or added and that the top-level domain stays “.com”. Don't click any suspicious links – better go to Amazon.com instead and log in to check your actual orders. Follow basic cybersecurity hygiene, at the top of which is multi-factor authentication.
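The domain check described above can be automated. The following is an added example, not code from Cybernews, Check Point, or Amazon. It assumes only amazon.com counts as genuine, treats the last two host labels as the registered domain, uses an edit-distance threshold of 2, and runs on constructed sample links.

```python
from urllib.parse import urlsplit

BRAND, GENUINE = "amazon", "amazon.com"  # assumption: only amazon.com is genuine

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: characters changed, added or dropped."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Label the host a link really points to, not the text it displays."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "invalid"
    if host == GENUINE or host.endswith("." + GENUINE):
        return "genuine"
    if not host.isascii() or "xn--" in host:
        return "lookalike: non-ASCII letters in host"
    labels = host.split(".")
    # Assumption: last two labels form the registered domain (no public suffix list).
    name = labels[-2] if len(labels) > 1 else labels[0]
    if name == BRAND:
        return "lookalike: wrong top-level domain"
    if edit_distance(name, BRAND) <= 2:
        return "lookalike: misspelled name"
    # netloc also covers the "user@" part, which can hide the real host.
    if BRAND in parts.netloc.lower():
        return "lookalike: brand outside amazon.com"
    return "unrelated"

# Constructed sample links on reserved TLDs; none is taken from the article.
SAMPLES = [
    "https://www.amazon.com/orders",
    "https://amaz0n.example/deal",
    "https://amazon.example/prime",
    "https://amazon.com.prime-deals.test/login",
    "https://amazon.com@login.example/",
    "https://am\u0430zon.com/",  # Cyrillic "a" in place of the Latin letter
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):40} {link!r}")
```
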

Track your order and front-run the porch pirates

A staggering 260 million packages may have disappeared from porches across America in the last 12 months. And during this period, 79% of Americans have been a victim of package theft, a 2022 Safewise survey revealed.

Thieves expect to find more targets during sales such as Prime Day or Black Friday, as an uptick in parcel arrivals often occurs in the following few days. So be prepared to come first. Cybersecurity should extend to the physical realm of your home perimeter, especially if you can’t pick up packages in person.

One solution could be double-duty security cameras, which alert you when the package arrives and if someone else gets away with it. Self-service lockers are another solution to safely pick up your purchases.

