Cybercriminals Prepare Fake Domains Ahead of Amazon Prime Day
5 July 2024 at 09:36
As online shoppers ready themselves for the approaching Amazon Prime Day on July 16-17, 2024, a day known for unusually extensive deals and exclusive offers, cybercriminals appear ready to lure potential victims.
Researchers observed an increase in new domains that incorporated the use of the Amazon brand over the last month, with the vast majority of these found to be suspicious and designed to steal sensitive information such as login credentials, payment details, and personal data from victims.
Amazon Prime Day Fake Domains
Researchers from Check Point observed the registration of over 1,230 such domains during June 2024, withΒ Β 85% of these identified domains flagged as malicious or suspicious. These domains pose a significant threat to shoppers' personal and financial information. The researchers identified phishing activity, deceptive emails and malicious file attachments:- Fake Domains: Newly created Amazon impersonating domains that mimic various legitimate Amazon Mexico websites to trick users into providing sensitive information and details. [caption id="attachment_80552" align="alignnone" width="705"] Source: blog.checkpoint.com[/caption] Examples of these fake domains include: -amazon-onboarding[.]com -amazonmxc[.]shop -amazonindo[.]com -shopamazon2[.]com -microsoft-amazon[.]shop -amazonapp[.]nl -shopamazon3[.]com -amazon-billing[.]top
- Distribution of malicious phishing files over alleged payment failures: Phishing campaigns use urgent language to prompt immediate action. One such attempt claimed a payment failure for an Amazon Prime Video order, directing users to a fraudulent login page.
Staying Safe With Online Shopping During Amazon Prime Day
According to a report on the Global State of Scams by the Global Anti-Scam Alliance consumers lost overΒ USD $1 trillion globally in 2023. Researchers behind the recent studyΒ have shared the following tips to help online shoppers stay safe during the Amazon Prime Day sales:- Scrutinize URLs for misspellings or unusual domain extensions.
- Use strong, unique passwords for your Amazon account.
- Verify website security by looking for "https://" and the padlock icon.
- Be wary of requests for excessive personal information.
- Approach urgent emails with caution and verify their legitimacy.
- Trust your instincts about deals that seem too good to be true.
- Use credit cards for better fraud protection when shopping online.
βI got a random call from someone who claimed I bought something on Amazon that I hadnβt and they wanted my account information to verify this was an error.βAmazon maintains a separate email address for customers to report scams at reportascam@amazon.com. In 2023, the e-commerce giant had taken down over 40,000 phishing websites and 10,000 phone numbers. Amazon also partners with organizations such as the Better Business Bureau (BBB, the Anti-Phishing Council in Japan, Microsoft and several cross-industry investigative groups to collaborate and add depth to the information collected by customers over reported scams. It is unknown if Amazon is taking any specific action related to scams that claim association with the Amazon Prime Day event.