Check Point Research (CPR), the threat intelligence department of Check Point Software Technologies Ltd., discovered again this year that cyber criminals are abusing Amazon Prime Day, the US group’s shopping event with special offers inexperienced users Spoofing and phishing to cheat. The aim is to provide information about the people themselves, their credit cards, bank accounts and passwords. Taking advantage of such opportunities is not new. Prime Day in particular, as a major global sales event, has served criminals as a welcome cover for years. Prime Day will take place on June 21 and 22, 2021.
Amazon Prime Day: Over 2,300 Suspicious New Domains
In the past 30 days, the security experts recorded over 2,300 infected or suspicious new domains in connection with the keyword Amazon. That is an increase of around ten percent compared to last year. 46 percent of the newly registered domains could be classified unequivocally as malicious. 32 percent were classified as suspicious and are under observation. This so-called Domain spoofing is a popular tool for hackers to keep their victims safe. They then deprive online shoppers of money and sensitive information – disguised under the guise of Amazon. The following is an example of how a criminal pretends to be a support employee in order to elicit the access data for the victim’s Amazon account.
In addition to obvious errors within the text of the message, which they unmask as a fake, it was also not sent from an official Amazon address, but from: admin @ fuseiseikyu-hl[.]jp. This is very clear evidence that the message was not sent by Amazon. In general, errors in spelling and grammar, as well as suspicious e-mail addresses, are a big warning sign of phishing scams. Accordingly, the link did not lead to an official page and there for account verification, but to a real-looking website of the criminals, which has since been switched off.
Prime opportunity for all types of hackers
“Prime Day is a first-class opportunity for hackers of all kinds. The danger is that customers can be misled into accidentally sending their personal information such as home and email address, telephone number or even credit card details and passwords to criminals. We also suspect that the cyber criminals will significantly increase their efforts around Amazon Prime Day this year, ”reports Christine Schönig, Regional Director Security Engineering CER, Office of the CTO, at Check Point Software Technologies GmbH.
“Almost all registered domains around Amazon as a keyword have been given red flags by us. So they are considered dangerous or suspicious. I recommend all customers – and this year urgently – to be very careful, to watch out for misspellings in messages supposedly originating from Amazon, to check the sender address of the e-mails, not to follow any links in case of suspicion and only the bare minimum of information to share ”, continues Schönig.
How users stay safe on Amazon Prime Day
To help online shoppers stay protected this year, Check Point specialists have put together eight practical security tips:
- Watch out for incorrect spellings of Amazon.de: Beware of spelling mistakes or websites that use a top-level domain other than Amazon.de. Internationally, for example, a .co instead of a .com. The offers on these copycat pages often look deceptively real.
- Look out for the green padlock: Do not enter your payment details on a website that does not have Secure Sockets Layer (SSL) encryption installed. To know if the site has SSL, look at the beginning of the address bar – before the www. – on the letter S in HTTPS. If it only says http, the encryption is missing. In addition, a closed padlock appears as a symbol in modern browsers. Typically to the left of the address line, where the URL of the website is.
- Share only the bare essentials: No online shopping retailer actually needs your birthday or ID number to do business. But the more hackers find out, the easier it is for you to abuse your identity or blackmail you. Personal data has become a valuable raw material in the digital world.
- Always pay attention to the language in the email: Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when in a rush. Or they tend to follow the instructions of higher-ranking people without objection. Phishing messages are written accordingly. In this way, scammers try to convince their victims to ignore suspicions about an email. They want to get you to click a link or open an attachment.
- Create a secure password for Amazon.de: Once a hacker has gained access, it’s too late. Passwords should therefore be made as difficult as possible. Password managers can help here as programs to allow complex passwords to be created by algorithms.
- Do not use public internet hot spots: If you are at an airport, in a hotel or in your local coffee shop, it would be better not to use public WiFi to shop on Amazon Prime Day. These entrances are usually poorly or not protected and therefore open like a barn door for man-in-the-middle attacks. Hackers can intercept everything you do and look at on the Internet here. This includes emails, payment details, browser history or passwords.
- Beware of excessive bargains: If a discount seems too good to be true, it probably is. Listen to your gut instinct. An 80 percent discount on the new Apple iPad is hardly a reliable or trustworthy buying opportunity.
- If in doubt, stick with credit cards or payment service providers: If you don’t want to pay by bank transfer during Amazon Prime Day, it is best to stick to your credit card or to a service provider. EC cards that are linked to our bank accounts and direct debits with disclosure of the account number expose you to a high risk. Namely if you have landed on a fraudulent website or are on an insecure network. In the case of credit cards, on the other hand, the provider is always interposed for security and liability.
Check Point Research (CPR) provides cyber threat intelligence to Check Point Software customers and the wider intelligence community. The research team collects and analyzes global cyber attack data stored on the ThreatCloud. The aim is to keep hackers away while ensuring that all Check-Point products are updated with the latest protections.
Check Point Software Technologies Ltd. is a provider of cyber security solutions for companies and governments worldwide. The solutions in the Check-Point Infinity portfolio protect customers against 5th generation cyber attacks with a high capture rate of malware, ransomware and other threats. (sg)