What you need to know
- Amazon Prime Days present a perfect opportunity for hackers to target users’ wallets and extract sensitive information from them.
- The data shows that, in June alone, 1,200 new Amazon-related domains appeared, of which 85% were flagged as malicious or suspected to be malicious.
- Hackers usually masquerade as Amazon representatives or even create similar sites to trick people into sharing financial information.
- Some of them may even contact victims through social media DMs on the pretext of offering massive discounts or free shipping on products.
Amazon Prime Day is just hours away. While this can be an exciting time to take advantage of massive deals, some cybercriminals are looking for such opportunities to target your wallet. Like any other cyber scam, these Prime Day scammers aim to steal personal information, card details or sometimes even money from customers who are unaware of their intentions. We dive into the most common ways people get phished and how you can spot a Prime Day scam without compromising your information.
Efforts to guard against phishing
According to data collected by Check Point, there has been a significant increase in cyber attacks related to the Amazon brand. In June alone, 1,200 new Amazon-related domains appeared, of which 85% were flagged as malicious or suspected to be malicious.
“In June 2024, we detected a widespread phishing campaign impersonating the Amazon brand, specifically targeting the US,” Check Point added.
Scammers can use many methods to contact you, but the most common is to masquerade as an official Amazon site or account. Some of the new phishing sites recently discovered by the publication were:
amazon-onboarding[.]com: a newly registered fraudulent site, specifically targeting carrier-related credentials.
amazonmxc[.]shop: a fake Amazon Mexico website created as a copy of amazon.com.mx. It looks like the real deal even with a login button.
amazonindo[.]com: Another non-Amazon phishing site that collects users’ login credentials by clicking the “login” button.
Sometimes, these phishing attacks end up right in the user’s inbox. They send highly persuasive emails/text messages with links to discounts or massive offers, enticing them to reveal their login credentials or, worse, their credit card details. Sometimes, these messages carry a threat, such as login details are compromised or accounts are locked out if users don’t act quickly – creating a sense of panic among customers.
Clicking on the link may prompt the victim to log in to an Amazon-like site, exposing their credentials to the hacker, or the link may attempt to download malicious software onto the device, through which the hacker can gain access to it. all the information. on laptop/phone.
Additionally, users sometimes receive messages from spoofed numbers claiming to be a local post office or Fedex/UPS about an undelivered package, with a link that tries to get people’s credit card details. These are especially common in the US and Canada around first day sales.
Hackers can sometimes call victims pretending to be Amazon customer service representatives offering deals on various products, or again asking shoppers for their personal information, stating that a payment wasn’t made on their last order. or that their account has been hacked.
Another way scammers can reach customers is through their social media accounts. They can slide into your DMs promising Prime membership cards or free Amazon gift cards, especially during Prime Days. Some scammers may also share tempting gifts on their social media accounts or ads about Prime Day deals.
“The scammer’s message may even prompt you to enter your payment information to cover shipping costs for your free item,” Norton’s website states.
Ways to spot Prime Day scams
- NordVPN’s website urges buyers to look carefully at emails and messages for signs of grammatical errors, generic terms like “Dear Customer” or a threat/urgency in the email that compels you to click a link or reply to the message .
- Most phishing emails or links contain incorrect or misspelled URLs that resemble Amazon customer service IDs.
- Anyone requesting personal or financial information such as passwords, credit card details, or Social Security numbers by email or phone under the pretense of closing an Amazon account.
- Sales sent through emails or social media accounts that seem too good to be true, with prices reduced by up to 90%, enticing people to buy from their website.
Being phished? Here’s what needs to be done
In case you come across such phishing emails/scams, it is better to verify the email IDs and look for red flags related to them as mentioned above. One way to avoid unnecessary hacks is to make sure you buy from the official Amazon.com site instead of using third-party sites to access the deal.
If someone calls you claiming to be Amazon customer service, it is best to avoid sharing any information with them over the phone/message and contact Amazon customer support directly through official channels such as the legitimate app or website.
Amazon has also clearly mentioned that it will “never send you an unsolicited message asking you to provide sensitive personal information such as your social security number, tax ID, bank account number, credit card information, login questions like your maiden name or password”. .” Customers can also report suspicious emails/calls via Amazon’s official website.
Amazon’s biggest sale of the year kicks off on July 16, and it’s almost time for the best Prime Day deals to hit the site. In 2023, during the two-day shopping event, Prime members bought more than 375 million items worldwide and saved more than $2.5 billion.