SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Check Point Research warns of a surge in malicious activity around Amazon Prime Day
Fri, 18th Jun 2021
FYI, this story is more than a year old

Researchers warn of increased cybercrime on and around Amazon Prime Day 2021 as malicious activity surges.

Check Point Research says there has been a surge in malicious activity in the run-up to Amazon Prime Day 2021, with nearly 80% of domains containing the word Amazon being potentially dangerous.

This year the event will occur on June 21-22 with over 20 countries expected to participate in Amazon's annual online shopping event. Check Point says numerous cybercriminals are impersonating the Amazon brand ahead of the event, in order to deceive consumers into the theft of their email addresses, payment details, passwords, and other personal details.

In the last month, over 2,300 new domains were registered relating to Amazon, a 10% increase from the previous Amazon Prime Day. Almost one out of two (46%) new registered domains containing the word Amazon are malicious, while 32% of newly registered domains with the word Amazon are deemed suspicious.

Domain spoofing is a popular way for cybercriminals to steal money or sensitive data, look-alike domains are registered with the aim of diverting online traffic and redirecting unsuspecting consumers to websites containing malware, or prompting users to provide personal information.

“Prime Day is a perfect opportunity for cybercriminals,” says Check Point Software EMEA security evangelist, Tom Kendrick.

“The shopping event can be fun, but also dangerous for consumers. In the last 30 days alone, over 2300 new domains were registered about Amazon, the danger here is being tricked into giving up your credit card info, passwords, and even your home or email address to cybercriminals. Their goal is to make money from your personal details.

“The tactic cybercriminals use in their deception is domain spoofing, where you click on a page that appears to be from Amazon, but you're actually on malicious ground. Clearly, cybercriminals are doubling down on Prime Day this year, as almost all the domains around Amazon have red flags.”

He strongly urges Prime Day shoppers this year to be extra cautious, to watch for misspellings, and to share only the bare minimum. He says triple check emails that appear to be from Amazon next week, including delivery notifications. “If you're unsure on the status of a delivery, go directly to the Amazon website and don't click any links.

To help online shoppers stay safe this year, Check Point researchers have outlined practical security and safety tips:

  • Watch for misspellings of Amazon.com
  • Avoid buying something online using your payment details from a website that does not have secure sockets layer (SSL) encryption installed. 
  • Share the bare minimum of your personal information. 
  • Always note the tone in the email, social engineering techniques often make people rush and ignore suspicious behaviour.
  • Before Prime Day, create a strong password for Amazon.com.
  • Don't use public Wi-Fi to shop on Amazon Prime Day.
  • Beware of “too good to be true” bargains. 
  • Stick to credit cards, as debit cards are linked to bank accounts.