Whether your utility allows access to Amazon from the enterprise network or not, users are likely to be somewhat distracted during Prime Day. Members are encouraged to share this post with everyone as a reminder to maintain vigilance for Prime Day scams and phishing attempts.
Cyber threat actors are creatures of habit. Year after year they are observed using the same ploys to scam potential victims. This time of year, their attention unsurprisingly turns to Amazon Prime Day (July 16-17, 2024). While offering attractive deals for shoppers, Prime Day presents multiple opportunities for threat actors to exploit online consumers with various scams. According to Amazon, last year around Prime Day, shoppers reported almost three times as many scams as usual – from roughly 5,000 to more than 14,000 a week. Additionally, researchers tracked over 1,230 new domains associated with Amazon that emerged in June 2024, with 85% flagged as malicious or suspicious. As annoying as this is, it is important to remember that scams surrounding Prime Day are part of the much larger brand impersonation problem. In the instance of Prime Day, scammers are leveraging the brand recognition Amazon commands and that consumers are expecting emails and other messaging from Amazon and therefore are more likely to fall for a scam.
Some of the most common scams to watch out for during Prime Day:
- Phishing and smishing attacks. Scammers send deceptive emails or text messages that appear to be from Amazon, often containing links to fake websites designed to steal personal information and login credentials. These messages may claim there's a problem with your account or order, urging you to take immediate action. Verify all Amazon communications (emails and text messages) directly through your Amazon account.
- Fake websites. Cybercriminals create websites that closely mimic Amazon's design, tricking users into entering their login details or payment information. Always verify the Amazon URL before entering any sensitive data – be wary of misspellings or sites using a different top-level domain. Better yet, only interact with Amazon through the official Amazon mobile app or website!
- Phone scams. Scammers may call pretending to be Amazon representatives, claiming there's an issue with your Prime membership or order and requesting payment information to resolve it. Never provide personal or financial information over the phone.
- Fake reviews. Fraudulent sellers use AI-generated fake reviews to make their products appear more appealing. These reviews often lack coherence, contain grammatical errors, and offer vague descriptions. Read reviews carefully and look for signs of authenticity.
- Counterfeit products. Scammers pose as legitimate sellers, offering fake merchandise at suspiciously low prices. These counterfeit items may be of poor quality or never arrive at all. Be wary of deals that seem too good to be true.
Has your Amazon account has been put on hold? NOT likely! In June 2024, CheckPoint discovered a widespread phishing campaign mimicking the Amazon brand, particularly targeting users in the U.S. The campaign distributed a file with the content luring victims by urgently informing them that their Amazon account has been suspended due to mismatched billing information with their card issuer. It instructs them to update their payment details through a phishing link that directs them to a fraudulent website. The message threatens closure of the account if immediate action is not taken, creating a sense of urgency to prompt the user to respond quickly, fearing data exposure or account termination as consequences of non-compliance.