.png)
In the first few weeks of June, security researchers at Check Point managed to find more than 1,230 new domains attempting to impersonate Amazon ahead of the company’s Prime Day event this week.
This increase is common before major events or holidays; according to reporting from Cybernews, the sites found by the researchers were “sketchy at best and outright malicious at worst.”
Many used the term “Amazon Prime” specifically in an obvious attempt to trick victims into clicking through and logging in by mistake. The Check Point researchers also warned that the threat actors behind this campaign are sending out very convincing phishing emails in an attempt to dupe users. These emails claim to be from Amazon's customer service team with subject lines like “Refund error” or “Account issue” but are designed to steal your login credentials.
Given the email and login page both look quite legitimate and contain a message designed to instill a sense of urgency, unsuspecting users will often click through the embedded link that says “Update your address” or sign in to fix the account issue. However, instead of updating their information what they’ve done is hand over their personal details to online threat actors. They will then try to use this stolen user data for unauthorized purchases, to commit identity theft or for other malicious activities.
How to stay safe
As with any phishing campaign, you should be vigilant about anything that arrives unexpected in your inbox and wants you to click on it. Especially if there’s a sense of urgency implied, even if that urgency looks and seems legitimate.
However, you should also hover over URLs to see where they’re redirecting to, and if it ends in .top or .online or somewhere else with hyphens or extra numbers or anything else iffy or weird, don’t go there. Just enter in the URL to the browser manually. Obviously if it doesn’t have an https and the padlock icon don’t enter in your personal information but those can be faked too.
Two other security measures that can help are two factor or multi factor authentication, and a password manager. The multi-factor authentication will create another step for hackers and threat actors to have to conquer to take over your accounts, and the password manager helps you create strong, unique passwords and keeps track of them in a way that's harder to crack.
Remember: Anything that seems to good to be true online, probably is. And anything that seems super urgent or immediate, probably isn't. Also, paying with a credit card is safer than a debit card since you can file a claim, and paying with virtual cards, payment apps, or anything that an has an extra layer of protection is also a good idea. Never wire cash or use a direct bank transfer when paying for things online.
Lastly, some of the best antivirus programs will also have additional features that can help protect you while you shop online like a VPN and browser warnings when you visit a shady website.
English (US) ·