In the last 30 days, more than 2,300 new Amazon-related domains were registered, which represents an increase of 10% over the previous year.
Almost half (46%) of newly registered sites that contain the word “Amazon” are malicious.
Check Point Research has detected an increase in malicious activity in the run-up to Amazon Prime Day 2021, one of the biggest online shopping events of the year. This event, scheduled for June 21 and 22, promises millions of offers for the more than 150 million Amazon Prime subscribers around the world. More than 20 countries, from the US and the UK to China, are expected to participate in Amazon’s annual online shopping event.
Cybercriminals are masquerading as the Amazon brand ahead of this annual shopping event in order to trick consumers and steal their email addresses, payment details and passwords, among other things.
Almost half (46%) of new domains registered with the word “Amazon” are malicious
This increase in malicious activity in the run-up to Amazon Prime Day 2021 means that 80% of domains containing the word “Amazon” are potentially dangerous. In the last 30 days, researchers have discovered that almost half (46%) of new sites registered with the word “Amazon” are malicious and 32% of them are considered suspicious. Finally, Check Point Research has found that 32% of URLs registered with the terms “Amazon Prime” are fraudulent. Over the course of the last month, more than 2,303 new domains related to the eCommerce giant were registered, compared to 2,137 in 2020.
Why Cybercriminals Spoof URLs
Domain spoofing is a popular way for cybercriminals to steal money or other sensitive data from users. A look-alike domain is registered to divert online traffic and redirect unsuspecting consumers to websites that contain malware or that ask them to provide personally identifiable information. In this case, cybercriminals seek to hide behind the Amazon brand, so that they can target Prime Day shoppers with emails that incite the recipient to click on a malicious link or respond with sensitive information.
Check Point Research has found an example of a phishing email, allegedly sent by Amazon’s “Customer Service”. The email asks the user to verify their account. It has been determined that the email was never sent by the spoofed company but rather is a clear phishing attack from (admin @ fuseiseikyu-hl [.] Jp). In this case, the attackers were trying to entice victims to click on a malicious link, which redirects the user to HTTP:// www[.]Betoncire[.]En/updating/32080592480922000. The link is now down.
Fake website mimicking Amazon Japan
Another example found by the Check Point Research researchers is an Amazon Japan knockoff. Finally, it was determined that the page, with the URL: amazon [.] Update-prime [.] Pop2 [.] Live, is indeed malicious.
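The look-alike patterns this article describes (the brand used as a subdomain of an unrelated domain, a different top-level domain, a misspelling) can be triaged mechanically. The following is an added example, not Check Point's tooling; it assumes that only `amazon.com` counts as genuine and that the registrable domain is the last two labels, and the sample hostnames other than the one quoted above are constructed.

```python
import re

BRAND = "amazon"
LEGIT = {"amazon.com"}  # assumption: the only domain treated as genuine here

def refang(indicator: str) -> str:
    """Normalise a defanged host or URL ('a [.] b [.] Live') to a bare hostname."""
    host = re.sub(r"\s+", "", indicator).replace("[.]", ".").lower()
    host = re.sub(r"^[a-z]+://", "", host)      # drop a scheme if present
    return host.split("/")[0].rstrip(".")       # drop any path

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(indicator: str) -> str:
    """Return a triage label for one hostname; string comparison only, no lookups."""
    labels = refang(indicator).split(".")
    if len(labels) < 2 or not all(labels):
        return "invalid"
    # Simplification: last two labels stand in for the registrable domain.
    # A production check would consult the Public Suffix List instead.
    name, tld = labels[-2], labels[-1]
    if f"{name}.{tld}" in LEGIT:
        return "legitimate"
    if name == BRAND:
        return "different-tld"          # e.g. .co instead of .com
    if edit_distance(name, BRAND) <= 2:
        return "misspelling"            # heuristic threshold, expect some noise
    if BRAND in name:
        return "brand-keyword"          # brand embedded in a longer name
    if any(BRAND in label for label in labels[:-2]):
        return "brand-in-subdomain"     # brand is only a label under another domain
    return "unrelated"

if __name__ == "__main__":
    samples = ["amazon [.] Update-prime [.] Pop2 [.] Live",   # from the article
               "www.amazon.com", "amazon.co", "amaz0n.com",   # constructed
               "amazon-prime-deals.com"]                      # constructed
    for s in samples:
        print(f"{classify(s):20} {s}")
```

The hostname quoted above is labelled `brand-in-subdomain`: the part a registrar actually sold is `pop2.live`, and "amazon" is only a label the owner placed in front of it.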
How to stay safe on Amazon Prime Day
To help online shoppers stay safe this year, Check Point Research researchers have outlined a number of practical safety and security tips:
1. Beware of misspellings of Amazon.com. Watch out for misspellings or sites that use a different top-level domain than Amazon.com. For example, a .co instead of .com. The offers on these copycat portals may look just as attractive as on the real site, but this is how cybercriminals trick people into submitting their data.
2. Check the padlock. Do not enter payment details on a website that does not have SSL (Secure Sockets Layer) encryption installed. To find out if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a closed lock will appear, usually to the left of the URL in the address bar or in the status bar below. The absence of a padlock is an important red flag.
3. Share the minimum. No online shopping store needs your date of birth or your social security number to make transactions. The more cybercriminals know, the more they can hijack your identity. Always maintain the discipline of sharing the minimum when it comes to your personal information.
4. Always pay attention to the language of the email. Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they are in a hurry and are inclined to follow orders from people in positions of authority. Phishing attacks often use these techniques to convince their targets to ignore their possible suspicions about an email and click on a link or open an attachment.
5. Before Prime Day, it is important to set up a strong password for Amazon.com. Once a cybercriminal is logged into an account, it’s game over. Make sure your Amazon.com password is hard to crack, well before June 21.
6. Do not buy in public places. If you are in an airport, a hotel or your trusted coffee shop, you should avoid using their public Wi-Fi to shop on Amazon Prime Day. Cybercriminals can intercept what is viewed on the web. This can include emails, payment details, browsing history, or passwords.
7. Beware of “too good to be true” offers. This will be difficult to do, as Prime Day is all about great deals. But, if it sounds too good to be true, it probably is. Trust your instincts: an 80% discount on the new iPad is rarely a reliable or trustworthy buying opportunity.
8. Credit cards only. During Prime Day, it’s best to stick with your credit card only. Since debit cards are linked to bank accounts, there is a higher risk if someone is able to hack into this information. If a card number is stolen, credit cards offer more protection and less liability.
List of countries participating in Amazon Prime Day
This year, Amazon Prime Day will take place in the following countries, according to Amazon: United States, United Kingdom, United Arab Emirates, Turkey, Spain, Singapore, Saudi Arabia, Portugal, Netherlands, Mexico, Luxembourg, Japan, Italy, Germany, France, China, Brazil, Belgium, Austria and Australia.
Prime Day is a crucial opportunity for cybercriminals. This shopping event can be fun, but it can also be dangerous for consumers. The danger is being tricked into handing over your credit card details, passwords, and even your home address or email address to cybercriminals. Their objective is to make money with users' personal information. The tactic these scammers use to deceive is domain spoofing, in which the victim clicks through to a page that appears to be from Amazon, but is actually on malicious ground. It is clear that they are redoubling their efforts on Prime Day this year, as almost all the domains around “Amazon” have red flags. Check Point Research urges this year’s Prime Day shoppers to be more cautious, watch out for misspellings, and share only the bare minimum. Next week it is imperative to triple-check emails in your inbox claiming to be from the online shopping giant.