Amazon Prime Day is here. And so are the scams.
The massive retail event brings out cyber criminals armed with phishing and fraud campaigns using the Amazon brand and logos, according to multiple cybersecurity companies.
Criminals have been prepping to “prey on the unwary,” Bolster, a cybersecurity firm that offers fraud prevention, said in its report. “The obvious spike is a strong indication that cybercriminals are gearing up for a profitable Prime Day to take advantage of the unwary.”
Other analysts agree.
“We receive messages about new deals and shipping updates through SMS and social media platforms all the time,” Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco-based provider of mobile security solutions, told Fox News in a statement. “Phishing campaigns based on something like Prime Day are built to mimic those communications.”
Schless said he has recently seen mobile phishing campaigns that target users with fake SMS messages pretending to be from their local package delivery service.
“When the user taps the link in the message, they’re asked to identify themselves by entering their credit card number or other personal data,” Schless added.
Consumer fraud spiked in March after the World Health Organization’s COVID-19 pandemic announcement, then dipped, then spiked again in August with another increase of two-and-a-half times in September, Bolster added.
Researchers at Check Point found an “alarming increase” in the number of malicious websites related to Amazon. In the 30-day period leading up to Amazon Prime Day, there was a 21% increase in registered domains containing the word “Amazon,” compared to the previous 30 days.
More than a quarter (28%) of those domains have been found to be malicious and another 10% suspicious, Check Point wrote in its report.
The number of websites registered containing the words “Amazon” and “Prime” has doubled within the last 30 days, with 20% of those domains being malicious, Check Point added.
One of the more realistic-looking fraudulent Amazon campaigns shows criminals carefully copying parts of the Amazon website, according to Bolster, which analyzed hundreds of millions of web pages and tracked the number of new phishing and fraudulent sites using the Amazon brand and logos.
The criminal copied the header and footer layouts, fonts, and dimensions “to really deceive the shopper,” Bolster explained. Look closer, however, and there are several red flags:
- Only the form itself works. None of the other links actually work or take you to another page.
- Information requested on the form is more than what Amazon asks for: Amazon does not ask for social security numbers, date of birth, mother’s maiden name, or a CVV number.
- The page is hosted on appspot.com, which is a Google Cloud computing platform, an Amazon competitor.
- The IP address for the URL is used for multiple suspicious or fraudulent domains.
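Three of the red flags above can be checked automatically from a page's URL and HTML. The sketch below is an added example, not code from Bolster or from the original article; the keyword list, the flag names, and the sample URL and page are constructed for illustration, and the shared-IP check is left out because it needs an external reputation feed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keyword -> category map, built from the fields the article says Amazon does not ask for.
SENSITIVE = {"ssn": "ssn", "social": "ssn", "birth": "dob", "dob": "dob",
             "maiden": "maiden_name", "cvv": "cvv"}
BRAND_HOSTS = ("amazon.com",)  # assumption: host suffix treated as legitimate for the brand

class PageScan(HTMLParser):
    """Counts links that lead nowhere and collects sensitive-looking form fields."""
    def __init__(self):
        super().__init__()
        self.links, self.dead_links, self.fields = 0, 0, set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.links += 1
            href = (a.get("href") or "").strip().lower()
            if href in ("", "#") or href.startswith("javascript:"):
                self.dead_links += 1
        elif tag == "input":
            label = " ".join(a.get(k) or "" for k in ("name", "id", "placeholder")).lower()
            self.fields |= {cat for word, cat in SENSITIVE.items() if word in label}

def red_flags(url, html):
    """Return the list of red flags found for a page that may imitate the Amazon brand."""
    host = (urlparse(url).hostname or "").lower()
    scan = PageScan()
    scan.feed(html)
    on_brand_host = any(host == h or host.endswith("." + h) for h in BRAND_HOSTS)
    flags = []
    if "amazon" in html.lower() and not on_brand_host:
        flags.append("brand_on_foreign_host")
    if host.endswith(".appspot.com"):
        flags.append("hosted_on_appspot")
    if scan.links and scan.dead_links == scan.links:
        flags.append("all_links_dead")  # only the form itself works
    if scan.fields:
        flags.append("over_collection:" + ",".join(sorted(scan.fields)))
    return flags

# Constructed sample page and URL, not taken from a real campaign.
SAMPLE_URL = "https://example-constructed.appspot.com/verify"
SAMPLE_HTML = """<html><body><div class="hdr">Amazon Prime</div>
<a href="#">Your Account</a><a href="">Help</a>
<form action="/submit" method="post"><input name="card_number"><input name="cvv">
<input name="ssn"><input name="dob" placeholder="Date of birth">
<input name="mother_maiden_name"></form></body></html>"""

if __name__ == "__main__":
    print(red_flags(SAMPLE_URL, SAMPLE_HTML))
```

A page that trips several of these flags at once deserves manual review; any single flag on its own is weak evidence.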
Other phishing red flags commonly cited by cybersecurity experts include:
- If a message comes with a link or attachment, chances are it is fraudulent.
- Spelling and grammar mistakes. Scammer emails often use language riddled with errors.
- An urgent email after you purchase something.
Amazon offers help on fraud here.
By Brooke Crothers