Check Point warns of countless fake websites on Amazon Prime Day

Share:

Fast 1.500 neue Fake-Domains

The security researchers have discovered almost 1,500 risky fake domains and expect a new high in phishing attacks on Amazon Prime Day this year

Since its inception in 2015, Amazon Prime Day has been a shopping extravaganza eagerly awaited by many customers with its exclusive offers and discounts. This year, Amazon Prime Day falls on July 11th and 12th and, according to the online retailer, has reached a new high in 2022: Prime members worldwide purchased more than 300 million items during Prime Day 2022. Amid the excitement, however, there is a risk that cannot be ignored: cybercriminals are using this opportunity to launch phishing attacks and lure unsuspecting shoppers. Attackers use a variety of fraudulent tactics to do this. They send fake emails or create fake websites to steal personal information or financial credentials.

Alarming insights into domain registration and phishing attacks

This year, Check Point Research (CPR) found 16 times more malicious phishing attacks related to Amazon Prime in June than in May. The overall increase in all Amazon-related phishing attacks was 8 percent. During that period, there were nearly 1,500 new domains containing the term “Amazon,” of which 92 percent were classified as risky—meaning either malicious or suspicious.

1 out of 68 new domains associated with the keyword “Amazon” was also associated with “Amazon Prime”. About 93 percent of these domains were classified as risky.

How phishing works

The basic element of a phishing attack is a message sent via email, social media, or other electronic means of communication.

A “phisher” may use public resources, particularly social media, to gather background information about their victim’s personal and professional experiences. These sources are used to collect information such as the potential victim’s name, job title, and email address, as well as their interests and activities. The “phisher” can then use this information to create a fake message.

Usually, the emails that the victim receives appear to come from a known contact or organization. The attacks are carried out via infected attachments or links to malicious websites. Attackers often set up fake websites that appear to belong to a trusted entity, such as the victim’s bank, workplace, or university. Attackers then use these websites to try to collect private information such as usernames and passwords or payment information. Some phishing emails can be recognized by poorly written text and improper use of fonts, logos, and layouts. However, many cybercriminals are becoming more sophisticated when it comes to crafting authentic-looking messages,

Here’s how to stay safe when shopping online on Amazon Prime Day

To help online shoppers stay safe this year, Check Point researchers have compiled some safety and protection tips:

  1. Watch out for misspellings of Amazon.com . Look out for misspellings or websites that use a top-level domain other than Amazon.com. For example, a “.co” instead of “.com”. The offers on these imitation websites may look just as attractive as on the real website, but this is how the hackers trick consumers into giving up their details.
  2. Create a strong Amazon.com password ahead of Prime Day . Once a hacker gets into your account, it’s too late. Make sure your Amazon password is uncrackable well before July 11th.
  3. Look out for the lock . Avoid buying anything online using your payment details from a website that does not have Secure Sockets Layer (SSL) encryption installed. To determine if the website has SSL, look for the “S” in HTTPS instead of HTTP. An icon with a closed padlock usually appears to the left of the URL in the address bar or in the status bar below. A missing lock is an important warning sign.
  4. Share only what is necessary . No online shopping retailer needs your birthday or social security number to do business. The more hackers know, the more they can spy on your identity. Always share what is necessary when it comes to your personal information.
  5. Always pay attention to the language in the email . Social engineering techniques are designed to exploit human nature. These include the fact that people are more likely to make mistakes when they are in a hurry and that they tend to follow instructions from those in (perceived) positions of authority. In phishing attacks, these techniques are typically used to convince the target to ignore their potential suspicions about an email and click a link or open an attachment.
  6. Beware of bargains that are too good to be true . Sometimes it’s hard to resist discounts because Prime Day is all about cheap deals. But if an offer looks too good to be true, it probably is. Go with your gut: An 80 percent discount on the new iPad isn’t usually a reliable or trustworthy buying opportunity.
  7. Stick to credit cards . During Prime Day, it’s best to stick to your credit card. Because debit cards are linked to our bank accounts, we are at a much higher risk if someone can hack our details. If a card number is stolen, credit cards offer more protection and less liability.

 

(c) Herbert Wieler

כתיבת תגובה

האימייל לא יוצג באתר. שדות החובה מסומנים *

Scroll to Top