Highlights
- In the last 30 days, Check Point Research (CPR) has identified over 1,000 newly registered Amazon-related domains, with a staggering 88% of them deemed malicious or suspicious
- 1 of every 54 new Amazon-related domains includes the phrase “Amazon Prime,” many of these domains appear to be “parked” but could be used for phishing attacks
- Check Point Harmony email has identified and blocked 100 unique Amazon Prime-themed scam emails targeting organizations and consumers over the past two weeks
- Scammers target Prime members with unsolicited calls, claiming urgent account issues and requesting payment information
The full story
This October, Amazon Prime’s Big Deal Days are back! If you’re an Amazon Prime member, you won’t have to wait until Black Friday to find a bargain. But buyers beware – cyber criminals are eager to capitalize on the occasion.
New research from Check Point Research (CPR) shows that over 100 different Prime-focused scam emails have been distributed to organizations and consumers in the past two weeks. A number of these emails impersonate Amazon Financial Services and request that consumers take action to update payment methods or similar.
Example of Amazon Prime Big Deal Day phishing email observed
Example of Amazon Prime membership phishing email
In the last 30 days, CPR saw more than 1,000 new Amazon-related domains registered of which 88% have been identified as malicious or suspicious. Many of these domains appear to be “parked” but could be used within phishing attacks. A parked domain is a registered domain name that is not currently being used for a website or email hosting service. Instead, it is “parked” for future use. Some examples of such domains are listed below:
- amazonprimemotels[.]com
- amazonprimeresort[.]com
- amazonprimeresorts[.]com
This fraudulent site offers special deals and leverages the official Amazon logo with slight alterations
Example of a malicious site impersonating the Amazon login page
Why it matters
These types of phishing attempts can target anyone, including your organization’s employees; from the procurement department, to administrative assistants, to executives.
Innocuous looking as the emails may appear, phishing scams can potentially deceive people into turning over account, banking details and/or funds to cyber criminals.
In the long-term, victims and organizations may be affected by financial losses, brand reputational damage, disintegration of customer trust, strained resources and identity theft, among other unwanted outcomes.
How to Stay Safe Shopping on Prime Day
As Amazon Prime’s Big Deal Days approach, consumers are advised to pay extra attention and be extra cautious around emails that pertain to Prime memberships and order confirmations.
Some scammers are also making unsolicited calls to “inform” Prime members that something is amiss with their membership and that bank account or other payment information is required to reinstate a given account.
Worth noting is that artificial intelligence has rendered scam development and deployment easier than ever before for cyber criminals. In turn, scams are becoming increasingly difficult to detect. Organizations are advised to invest in enhanced cyber security measures, like anti-phishing technology, to prevent phishing attempts.
In 2023, Federal Trade Commission data indicated that U.S. consumers lost roughly $10 billion to fraud, reflecting a 14% year-over-year increase.
To help online shoppers stay safe this year, Check Point researchers have outlined practical security and safety tips:
- Check URLs Carefully: Be wary of misspellings or sites using a different top-level domain (e.g., .co instead of .com). These copycat sites may look attractive but are designed to steal your data
- Create Strong Passwords: Ensure your Amazon.com password is strong and uncrackable before Prime Day to protect your account
- Look for HTTPS: Verify that the website URL starts with “https://” and has a padlock icon, indicating a secure connection
- Limit Personal Information: Avoid sharing unnecessary personal details like your birthday or social security number with online retailers
- Be Cautious with Emails: Phishing attacks often use urgent language to trick you into clicking links or downloading attachments. Always verify the source
- Skeptical of Unrealistic Deals: If a deal seems too good to be true, it likely is. Trust your instincts and avoid suspicious offers
- Use Credit Cards: Prefer credit cards over debit cards for online shopping as they offer better protection and less liability if stolen
The value of anti-phishing technology
Check Point’s 360° Anti-Phishing solutions safeguard email accounts, browsers, mobile devices, and networks with real-time, AI-driven protection. By analyzing emails, links, attachments, and suspicious content using ThreatCloud intelligence, this solution detects and blocks both known and unknown phishing attempts before they reach users. Seamlessly integrating with existing security, Check Point ensures comprehensive protection against evolving phishing threats, providing a safer online experience, especially during high-traffic shopping events like Amazon Prime Day.
Learn more about anti-phishing technologies here.