Phishing spike detected in lead-up to Amazon Prime Day

11 Jul 2022

Image: © dennizn/Stock.adobe.com

Researchers at Check Point have detected a 37pc increase in daily Amazon-related phishing attacks as Prime Day approaches.

With Amazon Prime Day around the corner, security researchers are warning excited shoppers to be aware of potential scams as cybercriminals prepare to exploit the busy online period.

New research indicates there has been a rise in phishing attacks, which is when an attacker pretends to be a company such as Amazon to steal confidential information including credit card numbers or passwords.

This can be done through various methods, such as texts and emails that link to a fake website. The practice of cybercriminals creating malicious website domains that impersonate legitimate company websites has been going on for years.

However, there were almost 1,900 new domains related to the term ‘amazon’ last month, according to cybersecurity company Check Point Software. The company said around 9.5pc of these domains were deemed either malicious or suspicious in nature.

Check Point researchers also detected a 37pc increase in daily Amazon-related phishing attacks this month compared to the daily average from June.

This year’s Amazon Prime Day takes place on 12 and 13 July. The rise in phishing activity as Prime Day approaches is a trend that mirrors previous years, according to Check Point.

The firm said there was an 86pc increase in phishing emails related to Amazon Prime Day in June 2021 compared to the previous month. There was also a 16pc increase in phishing URLs in the same period.

A report by Check Point company Avanan, which specialises in email security, said there has been a rise in Amazon-related phishing emails and that the tech giant is “one of the most impersonated brands out there”.

The company shared examples of email-related scams it has detected. In one case, hackers send an email with the promise of an Amazon gift card if the user takes a survey. However, the link leads victims to a credential harvesting page, which will try to get a user’s password.

An email phishing scam that looks as if it came from Amazon. The email is offering a $1,000 gift card if the user clicks a link.

One of the email phishing scams that was detected. Image: Avanan

Avanan said it expects phishing attacks like this to “spread like wildfire” during the Prime Day period and encouraged both users and companies to be on alert.

“Impersonating a brand is one of the classic social engineering tactics out there,” Avanan said. “Impersonating perhaps the world’s most recognisable brand is a sure-fire way to get at least some people to engage.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com