Amazon Prime Day 2021 is upon us and many people will be laser-focused on identifying the best possible deals. But it’s not just consumers that will be out in force.
As with any major event, Amazon Prime Day provides fertile ground for cybercriminals hoping to scam people out of their personal information and hard-earned cash. Analysis from multiple security companies suggests the threat level could be particularly high this year.
According to Check Point Software, upwards of 2,300 new Amazon-related domains have been registered in the last 30 days, representing a 10% increase on the previous Amazon Prime Day. The majority (80%) of these websites are classified as potentially dangerous, while 46% were found to host malware or phishing mechanisms.
- Check out our list of the best identity theft protection services around
- We've built a list of the best secure password generators out there
- Here's our list of the best security keys for multi-factor authentication
There are a number of strategies scammers can use to attract punters to these dangerous addresses. For example, they could pose as a member of the Amazon customer service team, or send out an email promoting a time- or stock-limited flash deal. Criminals have also been known to insert themselves further down the e-commerce chain, masquerading as payment providers and delivery companies.
Amazon Prime Day: Advice from security experts
Although consumers will likely be subjected to a barrage of phishing attacks on Amazon Prime Day, there is plenty that can be done to avoid falling victim to scammers. And the responsibility doesn’t just fall on shoppers; retailers have a responsibility to protect customers too.
Here’s what the security experts have to say:
Dan DeMichele, VP Product at LastPass by LogMeIn
“As everyone begins tracking down the best deals, threat actors are making plans to exploit any slip-ups in our online behaviour. Security risks linger even after making the initial purchase, for example in phishing emails disguised as post-purchase correspondence, from receipts and tracking numbers to requests for feedback. To stay safe against cybercriminals, consumers should be on the look-out for suspicious behaviour – double checking URLs and making sure the padlock symbol on your browser is present are good places to start.”
Tom Kendrick, EMEA Security Evangelist at Check Point
“I strongly urge Prime Day shoppers this year to be extra cautious, to watch for misspellings, and to share only the bare minimum. I would triple check emails that appear to be from Amazon next week, including delivery notifications. If you’re unsure of the status of a delivery, go directly to the Amazon website.”
Jake Moore, Cybersecurity Specialist at ESET
“Scammers are attracted to special online events like moths to a flame. There is the potential that customers will see an sizable increase in calls, emails and texts attempting to entice people into parting with their cash.”
“It is important that people never part with their Amazon password and that their account is secured with two-factor authentication. If there is ever a warning there may be a problem with your account it is advised to go direct to the app installed on your phone rather than clicking on links in emails or text messages.”
Armorblox threat research team
“Many legitimate sales and offers during Prime Day leverage the ‘hyperbolic discounting’ effect by offering products on discounts that are almost too good to be true. Scammers exploit this same cognitive bias by sending email announcements that are actually too good to be true (i.e. they are scams).”
Todd Moore, VP Encryption Solutions at Thales
“While we all want the latest and greatest deals, shoppers need to be vigilant about the purchases they make online. Customers may be savvy when it comes to threats like phishing and fraudulent landing pages, but many don’t know that their personal information is still at risk from the threat of cyberattacks long after a package arrives on their doorstep.”
“Consumers do have a duty to ensure they are using strong passwords and multi-factor authentication to protect their details, but the brunt of responsibility falls on retailers to implement end-to-end encryption of sensitive payment data."
Simple tips to stay protected on Amazon Prime Day
The following tips, provided by a collection of security companies, can help you shield your devices and personal data on Amazon Prime Day.
- Stay alert to misspellings of “Amazon” in web addresses, as well as any websites that use different top-level domains (e.g. .co instead of .com)
- Check emails for grammar and spelling mistakes that might betray a scam
- Avoid entering payment details into websites not protected by SSL encryption (look for the “https://” suffix and lock icon in the URL bar)
- Beware of deals that are too good to be true. There will be plenty of amazing deals on Amazon Prime Day, but you’re never going to get a new MacBook for $200
- Avoid sharing personal details over the phone with customer support or billing representatives
- Use credit cards instead of debit card, which will make it easier to recover funds if disaster does strike
- Always use a VPN service when shopping over public Wi-Fi networks, which are inherently insecure
- Deploy two-factor authentication to prevent unauthorized access to your accounts and a password manager to store your credentials
- Make sure your operating system and web browser are fully updated, with all the latest security patches installed
- We've built a list of the best antivirus services right now
