As Amazon Prime Day rapidly approaches (the 12th and 13th of this month), Check Point Research warns of scams surrounding the event. Given that Amazon represents one of the most frequently imitated brands, shoppers are encouraged to take extra cyber security precautions.
Amazon Prime Day
According to Check Point Research, Amazon has already reported a 37% increase in daily Amazon-related phishing attacks. In June, nearly 1,900 new domains related to the term Amazon popped up across the internet. Nearly 10% of these domains were identified as “risky” – potentially malicious or suspicious.
Ahead of last year’s Amazon Prime Day, Check Point Researchers reported an 86% increase in phishing emails related to the event. Further, the group observed a 16% increase in phishing URLs during June of 2021 as compared to May of that year.
What to watch for
Can you spot a scam? Experts recommend watching for the following:
1. Fake domains. Keep an eye out for domain names designed to mimic legitimate or trusted domains. For example, you might see a spelling along the lines of Arnazon, rather than Amazon – where a letter has been replaced with similar looking ones that can fool the eye.
2. Phony email addresses. Phishers may also use fake email addresses in their attacks. For example, an email might claim to be from email@example.com. The email address may appear legitimate at first glance, but upon closer inspection, the hackers have replaced the letter “m” with an “r” followed by an “n.”
3. Incorrect grammar or tone. Phishing emails are commonly written by people who are not fluent in the language of a targeted group. As a result, such emails may contain grammatical errors or otherwise sound incorrect.
4. Unusual attachments. Phishing emails often aim to deceive the recipient into downloading and running malware on a device. In order for this to work, an email needs to carry a file capable of running executable code. In turn, phishing emails frequently include unusual or suspicious attachments.
5. Sense of urgency. Scammers often peddle stories designed to quickly inspire action on the part of victims. They know that when people are in a hurry, they’re less likely to analyze requests and therefore, to recognize a scam.
6. Fear and blackmail. Some scammers threaten consequences for failure to comply with requests. For example, a hacker may say that he or she will expose stolen text message, payment or healthcare information belonging to the victim.
What to do with suspicious emails
If you receive an unsolicited email that’s allegedly from an Amazon IT administrator, and Amazon sales representative, and Amazon logistics coordinator or other Amazon-related roles, be suspicious. Here’s what to do if one lands in your inbox.
Don’t reply, click links, or open attachments. Never follow a phisher’s instructions. In the event that you identify a suspicious link, attachment or request for a reply, avoid clicking, opening or sending it.
Report the email. Phishing attacks are often components of distributed campaigns. Some such campaigns arrive to peoples’ work email addresses, in which case, the phishing attempt should be reported to the IT or security team. If you see a potential Amazon phishing email in your personal inbox, reach out to Amazon directly.
Delete the suspicious email. After reporting a suspicious email, delete it from your inbox. This reduces the probability of accidentally clicking on the email without realizing it.
For more insights into the latest phishing scams, see CyberTalk.org’s past coverage. Get a phishing prevention eBook here. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.