New research from Check Point Research (CPR) shows that over 100 different Prime-focused scam emails have been distributed to organisations and consumers in the past two weeks. A number of these emails impersonate Amazon Financial Services and request that consumers take action to update payment methods or similar.
In the last 30 days, CPR saw more than 1,000 new Amazon-related domains registered of which 88% have been identified as malicious or suspicious. Many of these domains appear to be “parked” but could be used within phishing attacks. A parked domain is a registered domain name that is not currently being used for a website or email hosting service. Instead, it is “parked” for future use.
- amazonprimemotels[.]com
- amazonprimeresort[.]com
- amazonprimeresorts[.]com
Why it matters
These types of phishing attempts can target anyone, including your organisation’s employees; from the procurement department, to administrative assistants, to executives.
Innocuous looking as the emails may appear, phishing scams can potentially deceive people into turning over accounts, banking details and/or funds to cyber criminals.
In the long-term, victims and organisations may be affected by financial losses, brand reputational damage, disintegration of customer trust, strained resources and identity theft, among other unwanted outcomes.
How to stay safe shopping on Prime Day
As Amazon Prime’s Big Deal Days approach, consumers are advised to pay extra attention and be extra cautious around emails that pertain to Prime memberships and order confirmations.
Some scammers are also making unsolicited calls to “inform” Prime members that something is amiss with their membership and that bank account or other payment information is required to reinstate a given account.
Worth noting is that artificial intelligence has rendered scam development and deployment easier than ever before for cyber criminals. In turn, scams are becoming increasingly difficult to detect. Organisations are advised to invest in enhanced cyber security measures, like anti-phishing technology, to prevent phishing attempts.
To help online shoppers stay safe this year, Check Point researchers have outlined practical security and safety tips:
- Check URLs carefully: Be wary of misspellings or sites using a different top-level domain (e.g., .co instead of .com). These copycat sites may look attractive but are designed to steal your data
- Create strong passwords: Ensure your Amazon.com password is strong and uncrackable before Prime Day to protect your account
- Look for HTTPS: Verify that the website URL starts with “https://” and has a padlock icon, indicating a secure connection
- Limit personal information: Avoid sharing unnecessary personal details like your birthday or social security number with online retailers
- Be cautious with emails: Phishing attacks often use urgent language to trick you into clicking links or downloading attachments. Always verify the source
- Sceptical of unrealistic deals: If a deal seems too good to be true, it likely is. Trust your instincts and avoid suspicious offers
- Use credit cards: Prefer credit cards over debit cards for online shopping as they offer better protection and less liability if stolen
The value of anti-phishing technology
Check Point’s 360° Anti-Phishing solutions safeguard email accounts, browsers, mobile devices, and networks with real-time, AI-driven protection. By analysing emails, links, attachments, and suspicious content using ThreatCloud intelligence, this solution detects and blocks both known and unknown phishing attempts before they reach users. Seamlessly integrating with existing security, Check Point ensures comprehensive protection against evolving phishing threats, providing a safer online experience, especially during high-traffic shopping events like Amazon Prime Day.
