new-phishing-technique-chatbot
Image: Gstudio/Adobe Stock

Cyber criminals like to exploit seasonal activities and events, especially ones that garner a lot of attention from the public. Amazon Prime Day is one such seasonal event in which the retail giant kicks off a series of tempting sales for consumers looking to save money.

As in past years, scammers have already been targeting Prime shoppers in an attempt to deploy malware or steal sensitive information. A report released Wednesday by cyber threat intelligence provider Check Point Research examines the types of threats facing Prime shoppers and offers advice on how to avoid them.

Cyber criminal activity for Amazon Prime Day

In advance of this year’s Amazon Prime Day set for July 12 and 13, Check Point said it has seen a 37% jump in Amazon-related phishing attacks at the start of July compared with the daily average for June. Further, almost 1,900 new domains using the term “Amazon” popped up in June, with almost 10% of them found to be either malicious or suspicious.

SEE: Have you ever found phishing emails confusing? You aren’t alone (TechRepublic)

However, this year’s activity shows a decrease from last year when 2,303 new Amazon-related domains were found in the weeks prior to Amazon Prime Day, and a full 78% of them were considered risky.

Why the decline? Cyber criminals may not be using the term “Amazon” in their domain registration so as to avoid being detected. Plus, these scammers might be saving these domains for a future use and don’t want them to appear on anyone’s radar.

Among the phishing emails already detected by Check Point, one claims to be for an Amazon order that was cancelled due to payment issues. The message pretends to be from Amazon Customer Support with a subject line of “Order Canceled Unpaid INV.” But any recipient who clicks on the attached file will find their computer infected with a dropper malware.

Amazon Prime Day phishing attempt
Image: Check Point Research

Another phishing scam, this one targeting Amazon customers in Japan, invites the recipient to click on a link to approve a payment method for an Amazon item. Doing so, however, takes the victim to a phony login site that asks them to enter their Amazon account credentials. Following Check Point’s investigation, the site has been offline.

Protecting yourself from Amazon Prime Day phishing scams

Phishing emails use certain key psychological tactics to try to convince unsuspecting users to take the bait. Such emails often create a sense of urgency to prevent the recipient from thinking too much about whether the message is legitimate or not.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

To convey an air of authority, these emails sometimes claim to be from a CEO or top executive in a company. Some phishing emails even threaten the recipient by vowing to expose stolen personal data unless the person complies.

To protect yourself from phishing scams, especially those centered around Amazon Prime Day, Check Point offers several tips:

Watch out for emails that misspell Amazon.com. Check for misspellings of Amazon and for sites that use a similar top-level domain. These copycat sites may look like Amazon’s actual site but are designed to trick you.

Look for the lock icon. Don’t buy anything from a website that does not have Secure Sockets Layer (SSL) encryption. You can tell if the site uses SSL by looking for the S in HTTPs or checking the lock icon in the address bar or status bar.

Share as little information as possible. No online retailer needs to know your birthday or social security number. The more you reveal, the more easily attackers can hijack one of your accounts.

Have a strong Amazon password. In advance of Amazon Prime Day, make sure your Amazon password is strong. The stronger the password, the more difficult your account will be to crack should it ever be breached.

Beware of public Wi-Fi networks. Whether you’re at an airport, hotel, or coffee shop, don’t use a public network to shop on Amazon Prime Day. Attackers can intercept your activity to access email, payment details, and other sensitive information.

Watch out for bargains that sound too good to be true. The deals can be great on Prime Day. But be wary if they sound too great, as that may mean you’re shopping at a copycat site.

Use your credit card. When shopping online, always try to use your credit card and not a debit card. Credit cards offer more protection and less liability should they be stolen.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays