Check Point Research (CPR) spots surges in malicious activity in the run-up to Amazon Prime Day 2021, with nearly 80% of domains containing the word “Amazon” potentially dangerous. Cybercriminals are impersonating the Amazon brand ahead of the annual shopping event to trick consumers into giving up their email addresses, payment details, passwords and more.
- In the last 30 days, over 2,300 new Amazon-related domains were registered, a 10% increase from the previous Amazon Prime Day; the majority are either malicious or suspicious
- Almost one out of two (46%) newly registered domains containing the word “Amazon” are malicious
- Almost one out of three (32%) newly registered domains with the word “Amazon” are deemed suspicious
- CPR provides examples of malicious impersonations of Amazon Customer Service, as well as the log-in page for Amazon Japan
Check Point Research (CPR) has spotted an increase in malicious activity in the run-up to Amazon Prime Day 2021, one of the largest online shopping events of the year. This year’s event, slated to occur on June 21-22, promises millions of deals and special offers to Amazon’s 150-million-plus Prime subscribers around the world. Over 20 countries, from the U.S.A. and U.K. to China and more, are expected to participate in Amazon’s annual online shopping event.
Roughly 80% of “Amazon” Domains are Potentially Dangerous
In the last 30 days, CPR has found that nearly half (46%) of new domains registered with the word “Amazon” are malicious. Furthermore, 32% of new domains registered with the word “Amazon” have been deemed suspicious by CPR. Finally, CPR found that 32% of new domains registered with the words “Amazon Prime” are malicious. In the past 30 days, over 2,303 new Amazon-related domains were registered, compared to 2,137 in 2020.
Why Cybercriminals Spoof Domains
Domain spoofing is a popular way for cyber criminals to steal money or sensitive data. Look-alike domain registrations aim to divert online traffic and redirect unsuspecting consumers to websites that contain malware, or prompt users to provide personal identifying information. In this case, cyber criminals are aiming to hide behind the Amazon brand, so that they can target Prime Day shoppers with emails that prompt the recipient to click a malicious link or respond with sensitive information.
Impersonation of Amazon’s “Customer Service”
CPR found a phishing email purporting to come from Amazon’s “Customer Service”. The email prompts the recipient to verify their Amazon account. CPR determined that the email was never sent by Amazon, but was instead clearly a phishing message sent from admin@fuseiseikyu-hl[.]jp. The attacker was trying to lure victims into clicking on a malicious link, which redirects the user to http://www[.]betoncire[.]es/updating/32080592480922000. The link is now inactive.
Fake Website Imitating Amazon Japan
Another example that CPR found is an imitation of Amazon Japan. CPR determined that the page, with the URL amazon[.]update-prime[.]pop2[.]live, is indeed malicious.
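As an added illustration (not CPR's tooling and not part of the original article), the look-alike patterns described above can be triaged from a list of newly registered domains by comparing each name against the brand. The allow-list, the two-label suffix set and the `.example` sample domains are assumptions constructed for this example; a real deployment would use the Public Suffix List and the brand owner's own domain inventory.

```python
import re

BRAND = "amazon"
# Assumption: illustrative allow-list, not a complete inventory of Amazon's domains.
OFFICIAL = {"amazon.com", "amazon.co.jp", "amazon.co.uk"}
# Assumption: tiny stand-in for the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.jp", "co.uk"}

def refang(s):
    """Normalise a defanged indicator such as pop2[.]live to pop2.live."""
    return s.strip().lower().replace("[.]", ".").rstrip(".")

def split_registrable(host):
    """Return (subdomain labels, registrable domain) for a host name."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return labels[:-n], ".".join(labels[-n:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Label how a domain relates to the brand name."""
    sub, registrable = split_registrable(refang(domain))
    if registrable in OFFICIAL:
        return "official"
    sld = registrable.split(".")[0]
    if sld == BRAND:
        return "tld-swap"            # brand name on a suffix not in the allow-list
    if BRAND in sld:
        return "brand-embedded"      # e.g. amazon-prime-deals.example
    if any(BRAND in label for label in sub):
        return "brand-in-subdomain"  # brand sits left of an unrelated domain
    if any(edit_distance(tok, BRAND) == 1 for tok in re.split(r"[-_]", sld)):
        return "typo"                # one-character misspelling
    return "unrelated"

# Constructed sample, plus the defanged host quoted in the article.
SAMPLE = ["www.amazon.co.jp", "amazon.example", "amaz0n.example",
          "amazon-prime-deals.example", "amazon[.]update-prime[.]pop2[.]live"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(f"{d:40} {classify(d)}")
```

Neither the sender domain nor the redirect host in the phishing email above contains the brand string, so name matching of this kind catches look-alike registrations but not every phishing host.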
Tom Kendrick, EMEA Security Evangelist at Check Point Software, explains:
“Prime Day is a prime opportunity for cyber criminals. The shopping event can be fun, but also dangerous for consumers. In the last 30 days alone, over 2300 new domains were registered about Amazon, a 10% increase from the previous Amazon Prime Day. The danger here is being tricked into giving up your credit card info, your passwords and even your home or email address to cyber criminals. Their goal is to make money from your personal details. The tactic cyber criminals use in their deception is domain spoofing, where you click on a page that appears to be from Amazon, but you’re actually on malicious ground. Clearly, cyber criminals are doubling down on Prime Day this year, as almost all the domains around “Amazon” have red flags. I strongly urge Prime Day shoppers this year to be extra cautious, to watch for misspellings, and to share only the bare minimum. I would triple check emails that appear to be from Amazon next week including delivery notifications. If you’re unsure on the status of a delivery, go directly to the Amazon website and don’t click any links.”
How to Stay Safe on Amazon Prime Day
To help online shoppers stay safe this year, Check Point researchers have outlined practical security and safety tips:
- Watch for misspellings of Amazon.com. Beware of misspellings or sites using a top-level domain other than .com. For example, a .co instead of .com. Deals on these copy-cat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
- Look for the lock. Avoid buying something online using your payment details from a website that does not have secure sockets layer (SSL) encryption installed. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag.
- Share the bare minimum. No online shopping retailer needs your birthday or social security number to do business. The more hackers know, the more they can hijack your identity. Always maintain the discipline of sharing the bare minimum when it comes to your personal information.
- Always note the language in the email. Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they’re in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
- Before Prime Day, create a strong password for Amazon.com. Once a hacker is inside your account, it is game over. Make sure your password for Amazon.com is uncrackable, well before June 21.
- Don’t go public. If you find yourself at an airport, a hotel or your local coffee shop, please refrain from using their public wi-fi to shop on Amazon Prime Day. Hackers can intercept what you are looking at on the web. This can include emails, payment details, browsing history or passwords.
- Beware of “too good to be true” bargains. This will be tough to do, as Prime Day is all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity.
- Stick to credit cards. During Prime Day, it’s best to stick to your credit card. Because debit cards are linked to our bank accounts, we’re at much higher risk if someone is able to hack our information. If a card number gets stolen, credit cards offer more protection and less liability.