Amazon Prime Day is on the horizon, and we'll be getting you the best deals on phones, gaming systems, laptops, headphones, and more. However, you may want to watch your back during the big-box retailer's massive two-day sale.
Check Point Research (CPR), a cybersecurity firm, published a new report that discovered an uptick of cybercriminals targeting Amazon shoppers as Prime Day looms. It's no surprise that Amazon users are on malicious actors' radar. Amazon is one of the most impersonated brands for phishing attacks after Google.
Cybercriminals have Amazon Prime Day shoppers in their crosshairs
During the 30 days leading up to Amazon Prime Day 2021, CPR discovered that over 2,300 new domains registered were about Amazon; this is a 10% year-to-year increase.
Investigators concluded that nearly half (46%) of the domains are malicious; another 32% are deemed suspicious. One of the most common tactics malicious actors use to mislead Prime Day shoppers is phishing. CPR said threat actors are becoming more "creative and innovative" with their attempts to lure unsuspecting shoppers into their lair.
A phishing attack involves luring victims to click on what seems like a trusted, legitimate, familiar source, but behind all the smoke and mirrors is a cybercriminal baiting Prime shoppers to give up sensitive information (e.g. passwords ad payment information).
"Typically, the emails the victim receives appear to come from a known contact or organization. Attacks are carried out through malicious attachments or links to malicious websites," CPR said.
Here's an example of an Amazon phishing website the CPR team spotted during its investigation, which looks similar to Amazon Japan's login page.
If an Amazon Prime Day shopper isn't vigilant enough, they may end up giving up their credentials to a fraudulent phishing website. Fortunately, there are glaring red flags that will alert sale seekers that they've stumbled upon a fraudulent page.
How to steer clear of cybercriminals during Prime Day
1. Laptop Mag will never lead you astray. We will be keeping an eye out for the best Prime Day 2021 deals on tech, including laptops, phones, earbuds, game systems and more. Stick by us and we'll help you navigate Prime Day safely.
2. Look for the lock. CPR investigators say that shoppers should avoid typing their payment details on websites without the secure sockets layer (SSL) encryption. To find out if a site has SSL, look out for the "S" in HTTPS (instead of HTTP). You should also look for a padlock icon on the address bar.
3. Watch out for Amazon.com misspellings. Cybercriminals are notorious for leaving spelling mistakes on their copycat websites. You should also look at the URL. For example, a malicious actor may create a domain with "Amazon.co" instead of "Amazon.com."
4. Create a strong password for Amazon.com before Prime Day. Hackers will be on the prowl during Prime Day, so ensure that your password is damn-near uncrackable before the two-day sale approaches. Consider enabling two-step verification.
5. Stick to credit cards. Using your debit card for Prime Day puts you at higher risk if someone hacks your information. Credit cards, on the other hand, offer more protection and less liability.