Check Point Research (CPR) has spotted an increase in malicious activity in the run-up to Amazon Prime Day 2021, one of the largest online shopping events of the year. This year’s event, slated to occur on June 21-22, promises millions of deals and special offers to Amazon’s 150-million-plus Prime subscribers around the world. Over 20 countries are expected to participate in Amazon’s annual online shopping event.
In the last 30 days, CPR has found that nearly half (46 per cent) of new domains registered with the word ‘Amazon’ are malicious. Furthermore, 32 per cent of new domains registered with the word ‘Amazon’ have been deemed suspicious by CPR. Finally, CPR found that 32 per cent of new domains registered with words “Amazon Prime” are malicious. In the past 30 days, over 2,303 new Amazon-related domains were registered, compared to 2137 in 2020.
Domain spoofing is a popular way for cyber criminals to steal money or sensitive data. Look-alike domain registrations aim to divert online traffic and redirect unsuspecting consumers to websites that contain malware, or prompt users to provide personal identifying information. In this case, cyber criminals are aiming to hide behind the Amazon brand, so that they can target Prime Day shoppers with emails that prompt the recipient to click a malicious link or respond with sensitive information.
Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East said: “Prime Day is a crucial opportunity for cyber criminals. The shopping event can be fun, but also dangerous for consumers. The danger here is being tricked into giving up your credit card info, your passwords and even your home or email address to cyber criminals. Their goal is to make money off your personal details. The tactic cybercriminals use in for their deception is domain spoofing, where you click on a page that appears to be from Amazon, but you are actually on malicious ground. Clearly, cyber criminals are doubling-down on Prime Day this year, as almost all the domains around ‘Amazon’ have red flags. CPR urges Prime Day shoppers this year to be extra cautious, to watch for misspellings, and to share only the bare minimum. I would triple check emails in the inbox that allege they are from Amazon next week.”
This year, Amazon Prime Day will take place in the following countries, according to Amazon: USA, UK, UAE, Turkey, Spain, Singapore, Saudi Arabia, Portugal, Netherlands, Mexico, Luxembourg, Japan, Italy, Germany, France, China, Brazil, Belgium, Austria, and Australia.
Tips to Stay Safe on Amazon Prime Day
To help online shoppers stay safe this year, Check Point researchers have outlined practical security and safety tips:
1. Watch for misspellings of Amazon.com. Beware of misspellings or sites using a different top-level domain other than Amazon.com. For example, a .co instead of .com. Deals on these copycat sites may look just as attractive as on the real site, but this is how hackers fool people into giving up their data.
2. Look for the lock. Avoid buying something online using your payment details from a website that does not have secure sockets layer (SSL) encryption installed. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag.
3. Share the bare minimum. No online shopping retailer needs your birthday or social security number to do business. The more hackers know, the more they can hijack your identity. Always maintain the discipline of sharing the bare minimum when it comes to your personal information.
4. Always note the language in the email. Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they are in a hurry and inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
5. Before Prime Day, create a strong password for Amazon.com. Once a hacker is inside your account, it is game over. Make sure your password for Amazon.com is uncrackable, well before June 21.
6. Do not go public. If you find yourself at an airport, a hotel or your local coffee shop, please refrain from using their public Wi-Fi to shop on Amazon Prime Day. Hackers can intercept what you are looking at on the web. This can include emails, payment details, browsing history or passwords.
7. Beware of “too good to be true” bargains. This will be tough to do, as Prime Day is all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity.
8. Stick to credit cards. During Prime Day, it’s best to stick to your credit card. Because debit cards are linked to bank accounts, there is a higher risk if someone is able to hack this information. If a card number gets stolen, credit cards offer more protection and less liability.