If you regularly do your shopping online, there is a good chance that Amazon is a favorite destination. It serves millions of customers daily and usually has a few specials and discount rates going.
But one of the most important days for any online shopping is Amazon’s annual Prime Day. Stretched over two days now, Prime members get promotions, special deals and steep discounts on a huge selection of products.
Prime Day begins at midnight PDT Monday, June 21 this year, and cybercriminals are already trying to cash in. Some tech-savvy thieves have been setting up spoofed Prime Day sites to try and rip unsuspecting victims off. Keep reading to find out what to watch for.
Here’s the backstory
Prime Day highlights the retail giant’s annual calendar, where Prime members can get amazing specials and discounts. There are usually steep reductions in price on Amazon’s own products like Echo devices, Kindle e-readers or Fire TV Sticks.
While shoppers eagerly await the big day, cybercriminals have already ramped up their efforts to rip people off. They are doing this by setting up spoofed Prime Day websites, which are used to steal your personal information, including banking details. Some of the fake sites are designed to infect your device with malware.
Check Point Software looked into cyberattacks leading up to Prime Day and found an increase at an alarming rate. Last year’s Prime Day saw 28% of websites registered with “Amazon” in the name to be malicious.
That has almost doubled this year, with 48% of newly-registered websites harboring malicious content. While fewer websites registered this year with “Amazon” in the domain name, over 2,300 were still registered in the last 30 days.
A Prime Day for phishing
Check Point found that the preferred method of deceiving people into visiting malicious websites was phishing attacks.
“Phishing methods and techniques constantly get creative and innovative, with threat actor’s constantly seeking for ways to lure victims into click on what seems to look like a very legitimate website or email coming from an “expected” or familiar source,” Check Point wrote in a blog post.
Phishing attacks usually involve research on the intended target and attempt to infiltrate a victim’s account through malicious attachments or links sent in emails. Criminals will try to disguise the emails as coming from Amazon itself or representatives of the company.
How to stay safe
Criminals are becoming masters at spoofing official websites. That’s why it’s important to type the official web address into your browser when visiting a site rather than following a link from an unsolicited email.
That’s just one precaution to take. There are others. Here are some ways to avoid falling victim to spoofed Amazon sites:
- Watch for incorrect addresses – Check the domain name of any website before entering any sensitive information there. A spoofed web address will look similar to the official one but will be off just a little. There could be an extra character, or the spelling might be off by a letter or two.
- Make sure the site is secure – Any reputable online retailer will have a secure website for transactions. Look for the lock icon next to the URL in your browser. If you don’t see it, the website isn’t secure.
- Strengthen your passwords – Update your Amazon password before Prime Day and ensure that it’s a strong one. Need help? Tap or click here for ways to create the strongest passwords possible.
- Don’t use debit cards online – Where possible, buy products online with a credit card. In doing so, it affords you more ways to recoup losses if something goes wrong.