Security researchers have warned of a sharp rise in fraud and identity theft campaigns targeting shoppers ahead of Amazon Prime Day 2022, which kicks off on July 12.
The latest data from security firm Check Point shows the volume of Amazon-related phishing emails has spiked by 37% month-on-month, with further increases likely as the event draws near.
The company’s threat intelligence team has also identified 1,900 new domains linked in some regard to the ecommerce giant, at least 9.5% of which have been deemed “risky”.
Amazon Prime Day scams
Amazon Prime Day is among the biggest events of the year for online shoppers, perhaps second only to the Black Friday and Cyber Monday weekend.
Inevitably, an event of this scale attracts the attention of all manner of cybercriminals, who look to capitalize on the hunt for deals to lure victims into exposing their passwords, personal data and credit card details.
In one example provided by Check Point researchers, scammers masqueraded as a member of the Amazon Customer Support Team, supposedly getting in touch to inform the victim of a canceled order.
The message invited the individual to open an email attachment, which was dressed up as an invoice, but in fact contained dropper malware capable of setting the stage for a number of secondary attacks.
In another email campaign, recipients were prompted to update their Amazon payment information. The link provided led to a page that closely resembles the legitimate Amazon website, but is built to harvest any information entered by the victim.
The advice for shoppers hoping to avoid these kinds of scams over Amazon Prime Day is to protect their devices with leading antivirus software and to pay close attention to oddities in the emails they receive (e.g. spelling and grammar mistakes, abnormal sender address etc.) that might betray a scam.
Another sensible precaution would be to navigate directly to known Amazon domains when making purchases, account changes and the like, even if an email message looks entirely legitimate.
- Protect your accounts with two-factor authentication using the best security keys around