Protecting Amazon Prime Day Shoppers From Online Fraud – Expert Advise

BACKGROUND:

With Amazon Prime Day fast approaching (June 21-22), and cases of cyberattacks and fraud on the rise, it’s crucial that eager shoppers and businesses alike take the necessary steps to protect themselves.

Subscribe
Notify of
guest

2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Charles Brook
Charles Brook , Threat Intelligence Researcher
InfoSec Expert
June 21, 2021 1:09 pm

<p style=\"font-weight: 400;\">Just as you’ll be hunting for great deals, cybercriminals will be hunting for victims this Amazon Prime Day. The most common tactic will be for scammers to impersonate Amazon in phishing emails, luring consumers with ‘too good to be true’ deals or prize offerings to encourage them into clicking malicious links or entering their details into fake websites. Tessian saw a 133% spike in suspicious emails related to Amazon Prime Day or Amazon Store on 13th October 2020 – the last Amazon Prime Day – compared to the daily average for the month of October.  </p>
<p style=\"font-weight: 400;\"> </p>
<p style=\"font-weight: 400;\">Another common technique is to impersonate logistics or delivery companies in text message scams, asking consumers to click a link to confirm delivery details, track orders or reroute packages. If you’ve just bought something in the sales, it wouldn’t seem unusual to receive a message like this. But these scams are designed to harvest financial information or account credentials which can be used to access other online accounts. </p>
<p style=\"font-weight: 400;\"> </p>
<p style=\"font-weight: 400;\">So, this Amazon Prime Day, think before you click and verify the legitimacy of every message before complying with any request. </p>
<p style=\"font-weight: 400;\"> </p>
<p style=\"font-weight: 400;\">Also beware of scams after the sales day. On the 15th October 2020, the day after the Prime Day sales last year, Tessian saw a 160% increase in the number of suspicious emails related to ‘Amazon’ and ‘Amazon Prime Day’ compared to the daily average counted throughout October 2020. The subject lines of these suspicious emails related to order confirmations, invoices, package delivery updates, and messages supposedly coming from Amazon ‘Customer Support’. </p>
<p style=\"font-weight: 400;\"> </p>
<p style=\"font-weight: 400;\">Here are our tips to avoid falling for a scam on Amazon Prime Day 2021: </p>
<p> </p>
<ul style=\"font-weight: 400;\">
<li>Be wary of emails that offer special deals or prizes associated with Prime Day – especially if they can only be accessed by clicking on a link or entering your personal or financial details. The general rule is to not click the links.</li>
</ul>
<p> </p>
<ul style=\"font-weight: 400;\">
<li>Inspect the email address, not just the sender’s display name. Scammers take advantage of the fact that, on mobile, emails only show a display name which makes it easier for a bad actor to impersonate Amazon and send a message from an unknown email address.</li>
</ul>
<p> </p>
<ul style=\"font-weight: 400;\">
<li>Be wary of SMS scams too. Throughout the pandemic, hackers have posed as logistics firms, asking consumers to verify their details, reschedule ‘attempted deliveries’ or pay outstanding delivery fees. Inspect the sender\’s phone number – unknown numbers or 11-digit long numbers starting with a local area code are often associated with scam texts. Again, do not click the links until you’ve confirmed whether it’s legitimate by contacting the company directly. </li>
</ul>
<p> </p>
<ul style=\"font-weight: 400;\">
<li>Check for spelling or grammar mistakes. Large companies will rarely make these errors.</li>
</ul>
<p> </p>
<ul style=\"font-weight: 400;\">
<li>Look on social media to see whether other consumers, or the company itself, has reported similar scams. </li>
</ul>
<p> </p>
<ul style=\"font-weight: 400;\">
<li>And remember, if something seems too good to be true, it probably is so don’t click the links!</li>
</ul>

Last edited 1 year ago by Charles Brook
Will LaSala
Will LaSala , Director of Security Services, Security Evangelist
InfoSec Expert
June 18, 2021 11:11 am

<p>Amazon Prime Day is here again, and it’s time to urge everyone to move to multi-factor authentication wherever possible to protect you when shopping online. In the recent news, we have seen approximately 25 billion user credentials leaked to hackers around the world. These leaked credentials make it much easier for hackers to steal user accounts – with a list of previously used passwords, cybercriminals can simply try each of those against your account. If you reuse a password, chances are that password is on this list.<br /> </p> <p>In addition to moving away from static passwords, phishing and social engineering attacks have dramatically increased with over <a href=\"https://urldefense.com/v3/__https:/www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/36-million-brits-targeted-by-a-scammer-so-far-this-year/*:*:text=More*20than*20two*20thirds*20of,**A2C*20the*20charity*20can*20reveal.__;I34lJSUlKiUlJSUl!!DZ56qYBuutOgaEbgjQ!4s2Y6S6hXDx40y-6QkLwWUaEefjM1RrPcZrFMrZIo3l4TPiFXY0PY78FLrMWnCj1lNEd$\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://urldefense.com/v3/__https:/www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/36-million-brits-targeted-by-a-scammer-so-far-this-year/*:*:textMore*20than*20two*20thirds*20of,**A2C*20the*20charity*20can*20reveal.__;I34lJSUlKiUlJSUl!!DZ56qYBuutOgaEbgjQ!4s2Y6S6hXDx40y-6QkLwWUaEefjM1RrPcZrFMrZIo3l4TPiFXY0PY78FLrMWnCj1lNEd$&source=gmail&ust=1624100220059000&usg=AFQjCNGg9KO3-XDDYvEasLMTlDV0oOk6zQ\">36 million Brits</a> targeted by scammers this year alone, according to Citizens Advice. Where hackers lurk, precautions must be put in place, and there are steps we can all take to stay safe when we look for that great new deal. Start by never giving away your sensitive information. Banks, credit card companies, and e-commerce sites will never ask you for your full password in customer communications. In addition, never fill out your card details on a website with a URL that you don\’t recognise. Man in the middle attacks (or MITM), where hackers steal personal data by making near perfect copies of legitimate websites with their own domains, are on the rise. It is crucial that consumers always double check the web address before attempting to make a purchase.<br /> </p> <p><br />Mobile devices have brought all our private accounts and data into a single, convenient location — making them the perfect target for a hacker. Everything from online banking and e-wallets to email and social media is linked into your mobile device. This means that, once a criminal gets access to your phone, all your apps are open doors for cybertheft. Only download verified mobile apps from the official Apple App Store or Google Play store. Downloading mobile apps from unofficial channels opens the door to fall victim to attacks—one wrong click can lead to all your personal information being leaked. <br /> </p> <p>Finally, business must ensure that apps are sufficiently shielded and protected from these unwanted hacks.</p>

Last edited 1 year ago by Will LaSala
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x