The Amazon Prime Day Exclusive Deals event will only take place next week, on the 12th and 13th of July, but cybercriminals have been eyeing ways to trick consumers for days.
According to digital security company Check Point Research (CPR), the first days of July saw a 37% increase in daily attacks involving Amazon and phishing, a scam technique used to steal data or money from victims or to run malicious programs (malware). This is compared to the daily average for the previous month.
In June alone, the company registered around 1,900 new domains linked to the term “amazon”: 9.5% of them were classified as suspicious, malicious or risky.
In the 2021 edition, there was an 86% increase in phishing emails related to Amazon Prime Day in June, as well as a 16% increase in phishing URLs from the previous month.
If you’re thinking about shopping during the deals event, follow the tips below to increase your security.
1. Pay attention to email addresses
Last year, there were 2,303 domains created that had the term “amazon”. Of this total, 78% were considered dangerous.
Therefore, the strategy of sending emails that use the company name to attract attention is quite common. Many scammers create domains very similar to the legitimate one to deceive their victims.
Pay close attention to the sender, the subject line and the email content, and be suspicious of attached files.
“Instead of the email address being boss[@]company[.]com, a phishing email can use boss[@]cornpany[.]com, replacing the “m” in “company” with “rn”. While they may look real, they belong to a completely different domain that could be under the attacker’s control.”
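The look-alike trick in the quote above can be checked mechanically. The following Python is an added example, not code from Check Point Research or the original article; the trusted-domain list, the confusable pairs and the function names are assumptions chosen for illustration.

```python
# Added example: classify a sender address against a list of trusted domains.
# TRUSTED and CONFUSABLES are illustrative assumptions, not a complete list.
TRUSTED = {"company.com", "amazon.com"}
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse look-alike sequences so 'cornpany' and 'company' compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'trusted', 'lookalike', 'brand-in-name' or 'unknown'."""
    # Accept defanged notation such as boss[@]cornpany[.]com.
    address = address.replace("[@]", "@").replace("[.]", ".")
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        # Same skeleton as a trusted domain, or a single typo away from it.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return "lookalike"
    # The brand name embedded in an unrelated domain is also worth a second look.
    brands = {good.split(".")[0] for good in TRUSTED}
    if any(brand in skeleton(domain) for brand in brands):
        return "brand-in-name"
    return "unknown"
```

A mail filter or a help-desk script could call `classify_sender` on the From address and hold anything that is not `trusted` for review.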
2. Take extra care with attachments
Cybercriminals attach files to emails, for example, to install a malicious program on the device used. This software can steal data and stay active monitoring the device without you realizing it.
If you receive a suspicious email, simply delete it, report it and block the sender. Do not open any attachment without making sure it comes from a legitimate email address.
When in doubt, check the official website of Amazon (and other ecommerce companies in case of online purchases).
3. Do not click on links to approve payment
According to the security firm’s analysis, Amazon Japan customers received emails requesting a purchase confirmation via a link. In fact, the link took the victim to a fraudulent website similar to the official Amazon one.
The danger of this scam is that victims enter confidential data such as login passwords, credit card details and other information that can later be used to make illicit purchases.
4. Avoid shopping online on sites without HTTPS
HTTPS is a protocol that provides greater security for information sent to a website by encrypting it in transit. It aims to prevent your data from being captured, copied or stolen by cybercriminals.
To find out whether the shopping site has this digital certificate, check that the padlock icon is present at the beginning of the address bar, before the address of the virtual store (in this case, Amazon).
5. Pay attention to grammatical errors
Messages with errors in English are a warning sign that the email may be fraudulent. It is unlikely that an established company in the market, such as Amazon, will send messages with errors of agreement or accentuation, or with misspelled words.
Errors can also indicate that the origin of the cybercrime is outside Brazil. So, if the content seems strange or has an unusual tone, be suspicious.
6. Don’t fall for appealing requests
Social engineering is a tactic that uses psychological tricks to try to make you fall for the scam.
Be wary of actions like the ones below:
- sense of urgency: such as “don’t waste time”, “the deadline is going to end”.
- use of authority: scammers may pose as a regional manager, director, owner, etc.
- fear or blackmail: they may say that they will show intimate photos of the victim if the victim doesn’t do something.
7. Notify the IT security team
If you detect a potential scam (or have fallen for one), it is recommended that the e-commerce company be notified.
This also applies if you used equipment from your workplace and fell victim to phishing attacks. There is a risk that other people will not identify the scam.
Once alerted, enterprise security teams will be able to investigate and take security measures, highlights Check Point Research.