Amazon (AMZN) Prime’s iconic two shopping days kicked off on Tuesday, giving cyber thieves a greater opportunity to steal information from consumers.
Researchers at Avanan, a New York-based email security company, said hackers are preying on the popularity of Amazon Prime Day and have sent out phishing emails to nab personal and financial information of consumers.
While Amazon shoppers are inundated with tons of emails and texts with deals and discounts, hackers are planning to phish as many people as possible and generate revenue.
The main reason that phishing scams are “so convincing is that they often mimic the look of a brand or a credible person down to a very fine detail,” Ryan McCurdy, vice president of marketing at Bolster, Inc., a Los Altos, Calif.-based provider of automated digital risk protection, told TheStreet.
“Three-quarters of companies worldwide have experienced some form of phishing attack as it’s one of the easiest tactics that hackers use to steal data from employees, customers and partners,” he said. “To make matters worse, they prey on human action bias, with a call to action stating that attention must be taken right now.”
Amazon remains a very popular phishing target – hackers spoof emails and hope to lure in unsuspecting shoppers who believe the emails are actually from the internet giant.
Why Hackers Love Amazon Prime Day
Shoppers who are anxiously awaiting the amazing offers and discounts revealed on July 12 and July 13 are likely to meet the bad actors who are “lying in wait to take advantage of the excitement,” Patrick Harr, CEO at SlashNext, a Pleasanton, Calif.-based anti-phishing company, told TheStreet.
“SlashNext has tens of thousands of live malicious Amazon phishing URLs in our database, which has increased over the last 72 hours,” he said.
The majority of the scams are designed to take advantage of Amazon Prime Day shoppers seeking deals, but there are also more dangerous phishing attacks that will steal credit card data along with “rogue software which can lead to ransomware and account takeovers,” Harr said.
How Consumers Can Avoid Hackers
Consumers should ensure that the email is being sent from Amazon because there are millions of spoofed or unauthentic emails.
“Cybercriminals utilize this common attack vector because people often focus on the branding and aesthetics of the email to mistakenly click a malicious link,” Darren Guccione, CEO at Keeper Security, a Chicago-based provider of zero-trust and zero-knowledge cybersecurity software, told TheStreet.
Amazon rarely sends out advertising or marketing emails aside from the ones that include a summary of purchases or notification of an account login from a new device, he said.
Shoppers should avoid clicking on any links from emails “purportedly sent by Amazon which in actuality, may originate from a malicious attacker and thus may not be authentic,” Guccione said. “Always check the URL that the site navigates you to.”
The links from cyber criminals are likely to contain malware or route a person to a nefarious website to enter their account credentials so the fraudsters can steal them.
Consumers can do an end run around hackers and go directly to Amazon’s website or “better yet, use a password manager,” he said. “For example, Keeper routes and authenticates users to and with authentic sites and notifies a user when a URL they navigate to doesn’t match their data stored in Keeper.”
What Hackers Do With Your Data
Cyber attackers will leverage any current event such as fake Black Friday and Cyber Monday deals and package delivery notifications to target consumers with phishing campaigns, Hank Schless, senior manager, security solutions at Lookout, a San Francisco, Calif.-based security service edge (SSE) provider, told TheStreet.
The fraudsters will steal consumer personal login credentials and bank and credit card information.
“The attacker can then attempt to use the credentials across tens of thousands of online banking sites, healthcare platforms, and other places with valuable or sensitive data,” he said. “This is a process known as credential stuffing.”
Consumers can learn to spot phishing campaigns – never click on a shortened link, such as a bitly or tinyurl link, that is paired with an offer or advertisement, Schless said.
“This incident also shows how important it is to protect yourself from phishing attacks on your mobile device as attackers increase the volume and believability of their malicious campaigns.”
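The two checks recommended above, comparing a link's real destination host against the site you have stored and treating shortened links as unknown, can be sketched as follows. This is an added example, not code from the article or from any vendor quoted in it; the stored-site set, the shortener list, the https-only rule and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the only "stored" site is amazon.com, and the
# shortener list holds just the two services named in the article.
STORED_HOSTS = {"amazon.com"}
SHORTENERS = {"bit.ly", "tinyurl.com"}


def _belongs_to(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, stored_hosts=STORED_HOSTS):
    """Return 'match', 'shortener' or 'mismatch' for a link found in an email."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "mismatch"
    # .hostname drops any "user@" prefix and the port and lower-cases the
    # result, so "https://amazon.com@login.example/" yields "login.example".
    host = (parts.hostname or "").rstrip(".")
    if not host or parts.scheme.lower() != "https":
        return "mismatch"  # assumption: plain http is never accepted
    if any(_belongs_to(host, s) for s in SHORTENERS):
        return "shortener"  # destination is hidden until the link is followed
    if any(_belongs_to(host, d) for d in stored_hosts):
        return "match"
    return "mismatch"


# Constructed sample links; the .example hosts are reserved and not real sites.
SAMPLES = [
    "https://www.amazon.com/gp/css/order-history",    # genuine subdomain
    "https://amazon.com.prime-deals.example/signin",  # brand used as a prefix
    "https://amazon.com@account-verify.example/",     # brand in userinfo part
    "https://bit.ly/3xAMPLE",                         # shortened link
    "http://www.amazon.com/",                         # right host, no TLS
    "https://www.arnazon.example/prime",              # look-alike spelling
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```

Only the first sample is classified as a match; the brand name appearing somewhere in the URL is not enough, because the comparison is made on the host the browser would actually connect to.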
Amazon Prime Day, which became a two-day event in 2019, is not just available in the U.S., but also in Austria, Australia, Belgium, Brazil, Canada, China, France, Germany, Italy, Japan, Luxembourg, Mexico, the Netherlands, Poland, Portugal, Singapore, Spain, Sweden and the U.K.
Other retailers have also launched their own shopping deals such as Target’s (TGT) Deal Days.