As online shoppers ready themselves for the approaching Amazon Prime Day on July 16-17, 2024, a day known for unusually extensive deals and exclusive offers, cybercriminals appear ready to lure potential victims.
Researchers observed an increase over the last month in newly registered domains that incorporate the Amazon brand. The vast majority of these were found to be suspicious and designed to steal sensitive information such as login credentials, payment details, and personal data from victims.
Amazon Prime Day Fake Domains
Researchers from Check Point observed the registration of over 1,230 such domains during June 2024, with 85% of these identified domains flagged as malicious or suspicious. These domains pose a significant threat to shoppers’ personal and financial information.
The researchers identified phishing activity, deceptive emails and malicious file attachments:
- Fake Domains: Newly created Amazon-impersonating domains that mimic various legitimate Amazon Mexico websites to trick users into providing sensitive information and details.
Examples of these fake domains include:
  - amazon-onboarding[.]com
  - amazonmxc[.]shop
  - amazonindo[.]com
  - shopamazon2[.]com
  - microsoft-amazon[.]shop
  - amazonapp[.]nl
  - shopamazon3[.]com
  - amazon-billing[.]top
- Distribution of malicious phishing files over alleged payment failures: Phishing campaigns use urgent language to prompt immediate action. One such attempt claimed a payment failure for an Amazon Prime Video order, directing users to a fraudulent login page.
Some attacks distribute files with misleading names like “Mail-AmazonReports-73074[264].pdf,” containing false alerts about account suspension to steal payment details.
The file lures victims by creating a false sense of urgency: it informs them that their Amazon account has been suspended due to mismatched billing information and instructs them to update their payment details through a provided phishing link: trk[.]klclick3[.]com.
The message within the file threatens account closure if immediate action is not taken by the victim, stoking fears about possible account termination or loss of access to services.
Staying Safe With Online Shopping During Amazon Prime Day
According to a report on the Global State of Scams by the Global Anti-Scam Alliance, consumers lost over USD $1 trillion globally in 2023. Researchers behind the recent study have shared the following tips to help online shoppers stay safe during the Amazon Prime Day sales:
- Scrutinize URLs for misspellings or unusual domain extensions.
- Use strong, unique passwords for your Amazon account.
- Verify website security by looking for “https://” and the padlock icon.
- Be wary of requests for excessive personal information.
- Approach urgent emails with caution and verify their legitimacy.
- Trust your instincts about deals that seem too good to be true.
- Use credit cards for better fraud protection when shopping online.
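The first tip, scrutinizing URLs for misspellings or unusual domains, can be automated for a mail gateway or proxy log. The sketch below is an added example, not code from Check Point or Amazon; the allowlist, the verdict names and the samples marked as constructed are assumptions made for illustration.

```python
import re

# Assumption: illustrative, incomplete allowlist of Amazon-owned domains.
OFFICIAL = {"amazon.com", "amazon.com.mx", "amazon.co.uk", "amazon.de"}
BRAND = "amazon"

def hostname(indicator):
    """Refang ([.] -> ., hxxp -> http) and reduce a URL or domain to its hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)   # drop the scheme
    s = re.split(r"[/?#]", s)[0]                  # drop path, query, fragment
    s = s.rsplit("@", 1)[-1]                      # drop userinfo
    return s.split(":")[0].rstrip(".")            # drop port and trailing dot

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(indicator):
    host = hostname(indicator)
    # Official only if the host IS an allowlisted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    labels = host.split(".")
    if any(BRAND in label for label in labels):
        return "impersonation"                    # brand used outside Amazon's domains
    tokens = [t for label in labels for t in label.split("-")]
    if any(edit_distance(t, BRAND) == 1 for t in tokens):
        return "typosquat"                        # one edit away from the brand
    return "unrelated"

SAMPLES = [
    "amazon-billing[.]top", "shopamazon2[.]com", "amazonapp[.]nl",  # from the article
    "trk[.]klclick3[.]com",                       # phishing link from the article
    "hxxps://www.amazon.com.mx/prime",            # constructed
    "amaz0n-prime.example",                       # constructed
]

def report(samples=SAMPLES):
    return {s: classify(s) for s in samples}

if __name__ == "__main__":
    for sample, verdict in report().items():
        print(f"{verdict:13} {sample}")
```

The phishing link trk[.]klclick3[.]com comes back as "unrelated" because it never uses the brand name, so a name-based check like this needs to be paired with reputation or click-time URL analysis.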
A customer trust report from Amazon in March of this year indicated that over two-thirds of observed scams purported to be order or account issues. A paraphrased customer quote within the report stated:
“I got a random call from someone who claimed I bought something on Amazon that I hadn’t and they wanted my account information to verify this was an error.”
Amazon maintains a separate email address for customers to report scams. In 2023, the e-commerce giant took down over 40,000 phishing websites and 10,000 phone numbers.
Amazon also partners with organizations such as the Better Business Bureau (BBB), the Anti-Phishing Council in Japan, Microsoft and several cross-industry investigative groups to collaborate and add depth to the information collected from customers about reported scams.
It is unknown if Amazon is taking any specific action related to scams that claim association with the Amazon Prime Day event.