What do you want to know?
- Amazon Prime Days provide a perfect opportunity for hackers to target users’ wallets and extract sensitive information.
- Data shows that in June alone, 1,200 new Amazon-related domains appeared, 85% of which were flagged as malicious or suspected of being malicious.
- Hackers usually impersonate Amazon representatives or even create similar pages to trick people into sharing financial information.
- Some of them may even contact victims via social media under the pretext of offering big discounts or free delivery of products.
Amazon Prime Day is just a few hours away. While it’s an exciting time to take advantage of the great deals, several cybercriminals are looking for such opportunities to target your wallet. Like any other cyber scam, these Prime Day scammers aim to steal personal information, credit card details, or sometimes even money from customers who are unaware of their intentions. We take a look at the most common ways people get phished and how you can spot a Prime Day scam without compromising your information.
Phishing attempts to watch out for
According to data collected by Check Point, cyberattacks targeting the Amazon brand have increased significantly. In June alone, 1,200 new domains associated with Amazon were created, 85% of which were flagged as malicious or suspected of being malicious.
“In June 2024, we discovered a large phishing campaign imitating the Amazon brand, particularly targeting the United States,” Check Point added.
Scammers can use many methods to reach you, but the most common is to impersonate official Amazon websites or accounts. Some of the new phishing sites recently spotted by the publication include:
amazon-onboarding(.)com: a newly registered fraudulent site, specifically targeting operator-related credentials.
amazonmxc(.)shop: a fake Amazon Mexico website designed as a replica of amazon.com.mx. It looks like the real site, also with a login button.
amazonindo(.)with: Another non-Amazon phishing site that collects users’ login credentials when they click the “Login” button.
Sometimes, these phishing attacks land directly in the user’s inbox. They send very convincing emails or SMS messages with links to great discounts or offers, prompting them to give out their login credentials or, worse, their credit card information. Sometimes, these messages include a threat, such as compromised login credentials or account closure if the user doesn’t act quickly, creating a sense of panic among customers.
Clicking on the link may trick the victim into logging into a similar Amazon site, exposing their credentials to the hacker, or the link may attempt to download malware onto the device, through which the hacker can access all information on the laptop/phone.
Additionally, users sometimes receive text messages from spoofed numbers claiming to be from a local post office or FedEx/UPS about an undeliverable package, with a link that attempts to obtain people’s credit card information. These messages are especially common in the United States and Canada around Prime Day sales.
Sometimes, hackers may also call their victims pretending to be Amazon customer service representatives offering deals on various products, or asking buyers for their personal information, stating that a payment has not been made on their recent order, or that their account has been hacked.
Scammers can also reach customers through their social media accounts. They may slip free Prime membership cards or Amazon gift cards into your private messages, especially during Prime Days. Some scammers may also share tempting giveaways on their social media accounts or ads related to Prime Day deals.
“The scammer’s message may even prompt you to enter your payment information to cover the shipping costs of your free item,” Norton’s website says.
How to Spot Prime Day Scams
- NordVPN’s website asks buyers to carefully review emails and messages for signs of grammatical errors, generic terms like “Dear Customer,” or a threat/urgency in the email requiring you to click a link or reply to the message.
- Most phishing emails or links contain confusing or misspelled URLs that resemble Amazon customer service credentials.
- Anyone asking for personal or financial information such as passwords, credit card information, or social security numbers via email or phone, under the guise of closing an Amazon account.
- Sales sent via email or social media that seem too good to be true, with prices discounted by up to 90%, enticing people to buy from their website.
Are You a Victim of Phishing? Here’s What to Do
If you come across such phishing/scam emails, it is better to check the email IDs and look for red flags associated with them as mentioned above. One way to avoid unnecessary hacking is to make sure you purchase from the official website of Amazon.com rather than using third-party sites to access the deals.
If someone calls you pretending to be Amazon customer service, it is best to avoid sharing any information with them over the phone/message and contact Amazon customer support directly through official channels, like the legitimate app or website.
Amazon has also made it clear that it will “never send you an unsolicited message asking you to provide sensitive personal information such as your Social Security number, tax ID number, bank account number, credit card information, identification questions such as your mother’s maiden name, or your password.” Customers can also report suspicious emails/calls through Amazon’s official website.
Amazon’s biggest sale of the year kicks off on July 16, and it’s almost time to check out the best Prime Day deals on the site. In 2023, Prime members purchased more than 375 million items worldwide and saved more than $2.5 billion during the two-day shopping event.