Security Experts Warn of Amazon Prime Day Scams

Security experts are warning of a deluge of phishing activity designed to capitalize on a major Amazon promotional event taking place this week.

Amazon Prime Day is said to be bigger for the e-commerce giant than Black Friday and Cyber Monday combined. That makes it a lucrative target for scammers looking to mimic the Amazon brand in order to trick unwitting shoppers into divulging sensitive personal and financial information.

Fraud prevention company Bolster said it analyzed hundreds of millions of web pages using deep learning, natural language processing and computer vision technology, in order to spot phishing patterns.

“After the spike in March coinciding with the World Health Organization’s COVID-19 pandemic announcement, there was a slight dip then a gradual increase with a sharp spike in August with another 2.5-times increase in September,” it explained.

“The obvious spike is a strong indication that cyber-criminals are gearing up for a profitable Prime Day to take advantage of the unwary.”

These scams could take many forms including: a fake Amazon website featuring new Kindles for $79 requesting confirmation of payment details, a customer support site requiring information to process returns and order cancellations and an ‘Amazon loyalty program’ which offers a free iPhone 11 Pro for answering a few survey questions, and completing payment information.

Bolster urged users to never shop via links in unsolicited emails, to always check the purchasing experience in case it differs from the Amazon norm and to check site details such as blurry images and missing links if they suspect a phishing page.

“The heightened activity around Prime Day and the desire of consumers to not miss out on the deals make it ripe for scams and deception,” warned Neal Dennis, threat intelligence specialist at Cyware.

“Some simple tips for spotting phishing emails include checking the address of the sender, noticing any bad grammar or misspellings and using common sense when considering what the email is asking you for.”

What’s Hot on Infosecurity Magazine?