Cybersecurity researchers warned Amazon Prime members about the potential risks of Amazon Prime Day sales
Amazon will be hosting its Prime Day sale in India on July 23 and July 24, but ahead of the online shopping extravaganza, Check Point Research (CPR) has detected a sharp increase in daily Amazon-related phishing attacks as cybercriminals try to exploit shoppers on the lookout for a good deal.
During the first week of July, CPR detected a 37 percent increase in such phishing attacks compared to the daily average in June. It also found 1,900 newly registered domains with the word “amazon” in them; 9.5 percent of these were found to be either suspicious or malicious. In the week before Prime Day 2021, CPR had discovered 2,303 new such domains with 38 percent of them found to be risky.
Pete Nicoletti, Chief Information Security Officer with cybersecurity firm Check Point, tells 5 On Your Side that scammers are stepping up their attacks, which means you have to be even more careful to protect your information. Nicoletti says scammers are using this sense of urgency and well-disguised emails and websites to steal your personal information.
"We’re seeing a 40% uptick, week over week, in phishing. And we’re seeing over 2,000 fake domains being registered in the past week," Nicoletti mentioned. He added that phishing emails account for about 85 percent of the Prime Day-related scams, with hundreds of millions of them sent.
"They’ll get just hundreds of people clicking on them," Nicoletti says, "and that’s all they’ll need for their campaign to be successful. If they get your information, it won't take long for them to use your password against you. Within minutes of that harvested credential, an affiliate is going to be attempting to log into 200 different websites that might have used those credentials," Nicoletti warns.
His biggest piece of advice is not to trust the email that’s coming in. "Just delete the email. And if you do have something that you’re expecting from Amazon, go ahead and log into Amazon," he says.
McAfee reported that a popular phishing kit, 16Shop, recently shifted its attention to Amazon. 16Shop allows hackers to send out malicious emails disguised as legitimate emails from Amazon. The emails contain PDF attachments with links that direct victims to a site that looks identical to Amazon's login page. The site is designed to collect information from victims who are duped by the phishing campaign.
How to recognize phishing emails?
Attackers use many different techniques to make malicious emails look legitimate, and if you are aware of some of them, it will be easier for you to spot and avoid phishing attacks. Here are some of the most commonly used phishing attack techniques, as identified by CPR.
Fake domains
Using a fake lookalike domain that appears to be from a legitimate company is one of the most common email phishing techniques.
Incorrect grammar or spelling mistakes
Phishing emails often contain grammatical errors and mistakes because they are sometimes written by people who are not fluent in the language.
Risky attachments
Many phishing attacks rely on tricking users into downloading and running malware attached to the email. To do this, phishing emails often contain suspicious attachments.
Psychological tricks
Phishing emails often employ psychological tricks to persuade users to do something against their interests, like installing malware or sharing sensitive information.
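The "Fake domains" item above, and CPR's count of newly registered domains containing the word "amazon", come down to one check: does the hostname actually sit under a domain Amazon operates, or does it only contain the brand name? The following is an added example, not code from the article or from Check Point; the allow-list, the digit-swap table and the sample hostnames are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a short allow-list of domains Amazon operates. A real mail
# filter would use a maintained list rather than this two-entry sample.
OFFICIAL = {"amazon.com", "amazon.in"}

# Constructed table of digit-for-letter swaps used in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a"})


def host_of(value: str) -> str:
    """Extract the hostname from a URL or bare host (port and trailing dot removed)."""
    parts = urlsplit(value if "//" in value else "//" + value)
    return (parts.hostname or "").rstrip(".")


def is_official(host: str) -> bool:
    """True only for an allow-listed domain or a subdomain of one.

    The leading dot in the suffix test matters: without it a name that
    merely ends in the letters 'amazon.com' would pass.
    """
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)


def classify(value: str) -> str:
    host = host_of(value)
    if is_official(host):
        return "official"
    # Drop separators and undo digit swaps so "amaz0n" and "ama-zon" match.
    squashed = re.sub(r"[^a-z0-9]", "", host).translate(SWAPS)
    if "amazon" in squashed:
        return "lookalike"
    # Punycode labels can hide look-alike Unicode letters; send to review.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "idn-review"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames, not taken from any real campaign.
    for sample in ("https://www.amazon.in/gp/primeday",
                   "amazon.com.account-verify.example",
                   "amaz0n-primeday.example",
                   "shop.example"):
        print(f"{sample:40} {classify(sample)}")
```

A hostname that begins with `amazon.com.` but ends in another domain is classified as a lookalike, which is the case readers most often misjudge when skimming a link.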