Amazon Prime Day represents an opportunity for consumers to find deals and save money on their favorite products. But it’s also a chance for cybercriminals to take advantage of another hot topic to try to scam people. In a report released Wednesday, fraud prevention company Bolster looks at scams exploiting Amazon’s popular sales event and offers tips on how to avoid them.
SEE: Fighting social media phishing attacks: 10 tips (free PDF) (TechRepublic)
For 2021, Prime Day will be on June 21 and 22, a return to its usual summer slot. In 2020, Amazon moved Prime Day to October due to supply chain issues caused by the coronavirus pandemic. Still, the 2020 Prime Day sales shot up by 45% to $10.4 billion from $7.16 billion in 2019.
When rumors of an October Prime Day started to surface last summer, Bolster noticed a rise in Prime Day phishing and scam websites—a 110% increase in August and another 153% gain in September. By October, more than 1,600 new Amazon phishing and scam sites had popped up, almost 16 times the average number.
From January through May of 2021, Bolster discovered 2,805 new Amazon phishing and scam sites, an increase of more than seven times from the 394 sites observed during the same months in 2020. With the economy recovering and people now in more of a spending mood, Amazon consumers and scammers are likely to be even busier as we get closer to this year’s Prime Day.
SEE: Amazon Prime Day 2021: How to get the best tech deals (TechRepublic)
One type of new Amazon scam site already detected by Bolster has been promoting “Early Prime Day Deals” just like the real Amazon site has done. The phony sites look just like the actual thing, while the URL even contains the domain name of Amazon.com. One of these sites is hosted by a Chinese company in Los Angeles, and the IP address has been used for several other phishing sites. But those aren’t clues the average person would pick up. The goal behind such sites is to grab money from the consumer for goods that never get delivered.
Another type of site prompts shoppers to set up an Amazon wallet as a promotion to cash in on all the Prime Day deals. The purpose of these sites is to collect the consumer’s credit card information while setting up the alleged Amazon wallet. Naturally, that data is then used for fraudulent purchases or is sold on the dark web. One site found by Bolster is hosted in Moscow with an IP address used for 89 other phishing sites.
To protect yourself from these scam Amazon sites and stay safe on Prime Day, Bolster offers three tips:
Start at Amazon.com. The typical way to take consumers to a scam site is through a phishing or spam email. To avoid this prospect, don’t click on links in emails, even ones you think may come from Amazon. Instead, go directly to Amazon.com to do your Prime Day shopping.
Set strong passwords and don’t reuse them. People who rely on weak passwords or use the same ones across multiple sites are taking a chance. If the password for your Amazon account is the same as the ones for your bank account and email account, then a compromise of one leaves the others vulnerable. Your best bet is to use a password manager, which can create and store different complex passwords for every account.
Avoid deals that are too good to be true. Scammers know that everyone loves a deal to the point that people may ignore an obvious scam in an attempt to score their favorite product. Conduct research before your Prime Day shopping to get a sense of the prices for the items you want to buy. If you see a price far below those levels, then investigate before you purchase.