By Staff Writer
Check Point researchers issue warning to Amazon’s 150M prime members, as they spot surges in malicious domains designed to imitate Amazon ahead of its annual online shopping event, Amazon Prime Day.
Hackers are crafting domains with the words “Amazon” and “Prime” in order to trick consumers into giving up their personal details. To help shoppers stay safe this year, Check Point researchers are issuing 7 safety and security tips.
- In the last 30 days, domains registered containing the word “Amazon” increased by 21%. 28% of those are malicious. 10% are suspicious.
- In the last 30 days, the number of domains registered containing the words “Amazon” and “Prime” has doubled within the last 30 days, with 20% of those domains being malicious
- Prime Day will run from October 13-14 for members in the US, UK, UAE, Spain, Singapore, Netherlands, Mexico, Luxembourg, Japan, Italy, Germany, France, China, Canada, Belgium, Austria, Australia, Turkey, and Brazil.
Security researchers at Check Point conducted an analysis of cyber threats related to Amazon’s Prime Day, the annual online shopping event available to over 150 million Amazon Prime members. Researchers observed an usually sharp increase in the number of malicious domains registered containing the words “Amazon”, as well “Prime”. In the 30 days, there was a 21% increase in domains registered containing the word “Amazon”, as compared to the previous month. More than a quarter (28%) of those domains have been found to be malicious and another 10% suspicious.
Furthermore, the number of domains registered containing the words “Amazon” and “Prime” has doubled within the last 30 days, with 20% of those domains being malicious.
Hackers register domains similar to the brands consumers trust in order to lure online shoppers into revealing their personal information, such as credit card information, names, birthday, email and physical addresses, and other details often exchanged in an online purchase. The attack method falls into the category of what is known as a phishing attack. These occur when a hacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message or text message. Recipients are then tricked into clicking a malicious link, which can result in installation of malware, ransomware attacks or the extraction of sensitive information.
Quote: Check Point’s Data Threat Researcher, Omer Dembinsky
“We’re sounding the alarm bells, as we’re seeing unusually high surges of malicious domains attempting to imitate the e-commerce giant at this time. Before Amazon Prime Day, create a strong password, don’t overshare personal details on your profile, and watch for any misspelling of Amazon.com as you shop from page to page. On Amazon Prime Day, triple check if you are actually on Amazon.com. The revelation is clear: as consumers gear up for Prime Day, so are hackers. One wrong click can lead to all your personal information getting out there.”
7 Security and Safety Tips for this year’s Amazon Prime Day
For this year’s Amazon Prime Day, Check Point’s researcher are issuing the following security and safety tips:
- Watch for misspellings of Amazon.com. Beware of misspellings or sites using a different top-level domain other than Amazon.com. For example, a .co instead of .com. Deals on these copy-cat sites may look just as attractive, but this is how hackers fool consumers into giving up their data.
- Look for the lock. Avoid buying something online using your payment details from a website that does not have secure sockets layer (SSL) encryption installed. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag.
- Share the bare minimum. No online shopping retailer needs your birthday or social security number to do business. The more hackers know, the more they can hijack your identity. Always maintain the discipline of sharing the bare minimum when it comes to your personal information.
- Before Prime Day, create a strong password for Amazon.com. Once a hacker is inside your account, it is game over. Make sure your password for Amazon.com is uncrack-able, well before October 14.
- Don’t go public. If you find yourself at an airport, a hotel or your local coffee shop, please refrain from using their public wi-fi to shop on Amazon Prime Day. Hackers can intercept what you are looking at on the web. This can include emails, payment details, browsing history or passwords.
- Beware of “too good to be true” bargains. This will be tough to do, as Prime Day is filled with great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity.
- Stick to credit cards. During Prime Day, it’s best to stick to your credit card. Because debit cards are linked to our bank accounts, we’re at much higher risk if someone is able to hack our information. If a card number gets stolen, credit cards offer more protection and less liability.