From double-date (11/11 or 12/12) e-commerce sales campaigns to exclusive members-only global online sales festivals, phishing- and cyber- risks abound

According to Check Point Research (CPR) intelligence, this year, over 1,230 new domains associated with Amazon emerged in June 2024, with 85% flagged as malicious or suspicious. One out of every 80 of the malicious or suspicious domains contained the name “Amazon Prime”.

The reason for this is that cybercriminals leverage large sales event to carry out phishing attacks, preying on unsuspecting shoppers.

These attackers employ deceptive tactics, such as sending fake emails or creating fraudulent websites, aiming to steal personal information or financial credentials.

Typical phishing techniques

Here are three examples of how scammers create spoofed websites and domains to ensnare unwary people.

  1. Amazon-onboarding[.]com is a newly registered fraudulent site designed as a page purportedly from Amazon, and it specifically targets credentials linked to staff from goods transportation firms (carriers).
  2. Amazonmxc[.]shop is a counterfeit website of the firm’s Mexico office, designed as a replica of amazon.com.mx. It features a profile login button in the top right corner that, when clicked, collects existing users’ login credentials.
  3. Amazonindo[.]com is a fraudulent website that features a profile login/registration button in the top right corner that, upon clicking, collects existing users’ login credentials.

More than a dozen other fake websites exist, so just because a URL contains the firm’s name does not mean it comes from an official source. This applies to all instances of any company names and brands online.

In June 2024, CPR discovered a widespread phishing campaign mimicking Amazon, particularly targeting the US. The message threatens closure of the account if immediate action is not taken, creating a sense of urgency to prompt the user to respond quickly, fearing data exposure or account termination as consequences of non-compliance. The campaign distributed files such as PDFs contain urgent billing advisories. A phishing link: trk[.]klclick3[.]com directs recipients to a fraudulent website.

Also in June 2024, a Portuguese phishing attempt was detected. A fraudulent email claimed a payment failure and included a deceptive link: http://20[.]212[.]168[.]117/br-pt/primevideo/. The phishing site masqueraded as an official login page. However, this site is not affiliated with Amazon and aims to deceive users into disclosing their account details. The spoof website may still be active even at the time this article came online.

Staying safe from phishing ploys

The examples cited so far can also apply to any other corporation, e-commerce or brand, whether in retail or business-to-business accounts for staff, customers or other people who have dealings with the corporate entities.

Therefore, in order to stay safe, keep the following safety tips in mind:

  • Check URLs carefully: Be wary of misspellings, homoglyphs or sites using a different top-level domain (e.g., .co instead of .com). These copycat sites may look attractive but are designed to steal your data.
  • Create strong passwords: Ensure your password is strong and uncrackable by avoiding personal information that could be guessed by cybercriminals (such as birthdates and names of loved ones). Combine this with other cyber hygiene best practices.
  • Look for the correct URL prefix: Verify that the website URL starts with “https://” and has a padlock icon, indicating a secure connection. Just note that this is just the prime pre-requisite, but does not necessarily mean that an https URL is not a spoofed website! Best approach: go directly to the official target website and find the actual page you need.
  • Minimize or avoid sharing personal information: Avoid sharing unnecessary personal details like your birthday or social security number with any online retailers, their loyalty programs or associated marketers.
  • Be cautious with emails: Phishing attacks often use urgent language to trick you into clicking links or downloading attachments. Always verify the source. These general internet hygiene tips may help.
  • Beware of unrealistic deals: If a deal seems too good to be true, it likely is. Trust your instincts and avoid suspicious offers.
  • Use restricted-limit spare bank cards: Prefer credit cards over debit cards for online shopping as they offer better protection and less liability if stolen. Or apply for a spare credit card dedicated specifically to high-risk general purpose transactions, where the credit limit is low, and other account-protection measures are set to maximum restrictions.
  • Keep in tune with latest scam news and safety tips: With AI advancing so quickly and cybercriminals developing new techniques, knowing the latest cyberattack and scam trends can keep your vigilance at a heightened state and help you advise others effectively.