Amazon Prime Day Safe Shopping Tips

With so many people shopping during Amazon's Prime Day, hackers and scammers will see this two-day shopping event as a major opportunity to do damage. Between fake checkout pages, phishing sites and scam emails, there are plenty of ways a cyber-criminal can ruin your Prime Day fun.

 

Malicious Sites & Domain Registrations 

A website called Check Point says in the past 30 days there were over 2,300 newly registered domains containing the words “Amazon” and “Prime”. Almost half (46%) of those domains have been found to be malicious and another 32% suspicious.
 

Phishing

Scammers and hackers are constantly getting more creative and innovative with their phishing methods and techniques, seeking ways to lure victims into clicking on what seems like a very legitimate website or email coming from an expected or familiar source. The basic element of a phishing attack is a message, sent by email, social media, or other electronic communication means.

A phisher may use public resources, especially social networks, to gather potential victim's information like their name, job title, email address, and even interests and activities. They will then use this information to create a reliable fake message, that is sent to the victim.

Typically, the emails the victim receives appear to come from a known contact or organization. Attacks are carried out through malicious attachments or links to malicious websites. Attackers often set up fake websites, which appear to be owned by a trusted entity like the victim's bank, workplace, or university. Via these websites, attacks attempt to collect private information like usernames and passwords, or payment information.

Phishing examples

Researches at Check Point found an example of a phishing email which seems like it was sent from "Customer Service", but from looking on the email address it's clearly understood that it's phishing ([email protected]). The attacker was trying to lure the victim to click on a malicious link, which redirect the user to http://www[.]betoncire[.]es/updating/32080592480922000 - the link is inactive.

Subject: Mail sent from Amazon: Wednesday, June 2, 2021 9GMT+10)
From: Customer Service (admin@fuseiseikyu-hl[.]ip)

Another Example

Another example is a fake, fraudulent malicious page the the Check Point researchers found, disguised behind what looks like the real Amazon login website in Japan.

amazon[.]update-prime[.]pop2[.]live

 

Check Point shared these seven safety and security tips for shoppers:

1. Watch for misspellings of Amazon.com. Beware of misspellings or sites using a different top-level domain other than Amazon.com. For example, a .co instead of .com. 
    

2. Look for the lock. Avoid buying something online using your payment details from a website that does not have a secure sockets layer (SSL) encryption installed. An easy way to tell is that an icon of a locked padlock appears, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag.
    

3. Share the bare minimum. No online shopping retailer needs your birthday or social security number to do business. The more hackers know the more they can hijack your identity. Always maintain the discipline of sharing the bare minimum when it comes to your personal information.
    

4. Before Prime Day, create a strong password for Amazon.com. Once a hacker is inside your account, it is game over. Make sure your password for Amazon.com is uncrackable, well before Prime Day.
    

5. Don’t go public. If you find yourself at an airport, a hotel or your local coffee shop, please refrain from using their public wi-fi to shop on Amazon Prime Day. Hackers can intercept what you are looking at on the web. This can include emails, payment details, browsing history or passwords.
    

6. Beware of “too good to be true” bargains. This will be tough to do, as Prime Day is filled with great offers. But, if it seems WAY too good to be true, it probably is. 
    

7. Stick to credit cards. During Prime Day, it’s best to stick to your credit card. Because debit cards are linked to our bank accounts, we’re at a much higher risk if someone is able to hack our information. If a card number gets stolen, credit cards offer more protection and less liability.