Highlights:

  •  New Domains: Over 1,230 new domains associated with Amazon emerged in June 2024, with 85% flagged as malicious or suspicious
  • Amazon Prime Domains: 1 out of every 80 new Amazon-related domains identified as malicious or suspicious contains the phrase “Amazon Prime”
  • Examples of Malicious Sites:

o   amazon-onboarding[.]com: A phishing page targeting carrier-related credentials

o   amazonmxc[.]shop: A counterfeit Amazon Mexico website designed to steal login credentials

o   amazonindo[.]com: A fraudulent site collecting users’ login credentials

As we approach Amazon Prime Day on July 16-17, 2024, online shoppers eagerly anticipate incredible deals and exclusive offers. In 2023, Prime members purchased more than 375 million items worldwide and saved over $2.5 billion on millions of deals, making it the biggest Prime Day event ever​ (US About Amazon)​.

However, amidst the excitement, there is an underlying risk that cannot be ignored. Cyber criminals leverage this occasion to carry out phishing attacks, preying on unsuspecting shoppers. These attackers employ deceptive tactics, such as sending fake emails or creating fraudulent websites, aiming to steal personal information or financial credentials. While Prime Day offers incredible savings, it is crucial for shoppers to remain vigilant, exercise caution while clicking on links or providing sensitive information, and ensure they are navigating legitimate platforms.

How Phishing Works

Phishing attacks often begin with a message sent via email, social media, or other electronic communication means. Cyber criminals use public resources like social networks to gather background information about their victims, which helps them craft convincing fake messages. These messages typically contain malicious attachments or links to fake websites that appear to be owned by trusted entities like Amazon. The goal is to collect private information such as usernames, passwords, or payment details.

Alarming findings on domain registration and phishing attacks

Ahead of Amazon Prime Day in July 2024, we observed a significant increase in cyberattacks related to Amazon Brand.

During June 2024, more than 1,230 new domains associated with Amazon emerged, with 85% flagged as malicious or suspected to be malicious. Examples of these newly malicious created malicious sites include:

  • amazon-onboarding[.]com is a newly registered fraudulent site designed as a phishing page pretending to be Amazon, specifically targeting carrier-related credentials.
  • amazonmxc[.]shop is a counterfeit Amazon Mexico website, designed as a replica of amazon.com.mx. It features a profile login button in the top right corner that, when clicked, collects users’ login credentials.
  • amazonindo[.]com is a fraudulent Amazon website. It features a profile login/registration button in the top right corner that, upon clicking, collects users’ login credentials.

And more:

  • shopamazon2[.]com
  • microsoft-amazon[.]shop
  • amazonapp[.]nl
  • shopamazon3[.]com
  • amazon-billing[.]top
  • amazonshop1[.]com
  • fedexamazonus[.]top
  • amazonupdator[.]com
  • amazon-in[.]net
  • espaces-amazon-fr[.]com
  • usiamazon[.]com
  • amazonhafs[.]buzz
  • usps-amazon-us[.]top
  • amazon-entrega[.]info
  • amazon-vip[.]xyz
  • paqueta-amazon[.]com
  • connect-amazon[.]com
  • user-amazon-id[.]com
  • amazon762[.]cc
  • amazoneuroslr[.]com
  • amazonw-dwfawpapf[.]top
  • amazonprimevidéo[.]com

 

File phishing attempt example

In June 2024, we discovered a widespread phishing campaign mimicking the Amazon brand, particularly targeting the US. The campaign distributed files with the following MD5 hash: 39af8a116a252a8aaf2328e661b2d5a2. One example file is named Mail-AmazonReports-73074[264].pdf.

The file’s content lures victims by urgently informing them that their Amazon account has been suspended due to mismatched billing information with their card issuer. It instructs them to update their payment details through a phishing link: trk[.]klclick3[.]com, that directs them to a fraudulent website. The message threatens closure of the account if immediate action is not taken, creating a sense of urgency to prompt the user to respond quickly, fearing data exposure or account termination as consequences of non-compliance.

Site phishing attempt example

In June 2024, a Portuguese phishing attempt mimicking Amazon was detected. The fraudulent email claimed a payment failure for an Amazon Prime Video order (#D04-0005691-32024) and included a deceptive link: http://20[.]212[.]168[.]117/br-pt/primevideo/.

The phishing site masquerades as an Amazon login page, prompting users to enter their login credentials under the guise of being genuine Amazon. However, this site is not affiliated with Amazon and aims to deceive users into disclosing their account details.

How to Stay Safe Shopping Online on Amazon Prime Day

To help online shoppers stay safe this year, Check Point researchers have outlined practical security and safety tips:

  1. Check URLs Carefully: Be wary of misspellings or sites using a different top-level domain (e.g., .co instead of .com). These copycat sites may look attractive but are designed to steal your data.
  2. Create Strong Passwords: Ensure your Amazon.com password is strong and uncrackable before Prime Day to protect your account.
  3. Look for HTTPS: Verify that the website URL starts with “https://” and has a padlock icon, indicating a secure connection.
  4. Limit Personal Information: Avoid sharing unnecessary personal details like your birthday or social security number with online retailers.
  5. Be Cautious with Emails: Phishing attacks often use urgent language to trick you into clicking links or downloading attachments. Always verify the source.
  6. Skeptical of Unrealistic Deals: If a deal seems too good to be true, it likely is. Trust your instincts and avoid suspicious offers.
  7. Use Credit Cards: Prefer credit cards over debit cards for online shopping as they offer better protection and less liability if stolen.

How to Protect Against Phishing Emails

Check Point safeguards against the pervasive menace of phishing with its comprehensive 360° Anti-Phishing solutions, providing security across email accounts, browsers, endpoints, mobile devices, and networks. Powered by Check Point ThreatCloud AI, this solution offers zero-day phishing protection by analyzing hundreds of indicators of compromise in real time. It meticulously inspects every attribute of incoming emails, including attachments, links, and textual content, substantially reducing risks before messages reach your inbox. Additionally, the Check Point Harmony Email and Collaboration Anti-Phishing solution leverages advanced AI-driven algorithms to detect and block phishing attempts in real time by analyzing URLs, domains, and suspicious content, ensuring comprehensive protection. This robust solution integrates seamlessly with existing security infrastructure, providing a layered defense strategy that adapts to evolving threats. By leveraging ThreatCloud intelligence, Harmony Anti-Phishing identifies and mitigates both known and unknown phishing attempts, safeguarding sensitive information and maintaining user trust.

By leveraging these advanced solutions, organizations can effectively counteract the evolving phishing attacks that exploit human nature. Stay vigilant, informed, and protected this Amazon Prime Day to enjoy safe and secure online shopping.

You may also like