Prime Day is Amazon’s largest, most highly anticipated retail event, bigger than Cyber Monday and Black Friday combined(1). Shoppers enjoy two days of special sales on everything from Amazon devices such as the Echo and Kindle to stylish furniture. As most physical retail outlets remain closed or operate with reduced capacity and hours, online shopping is booming . Nike announced an 82% jump in digital sales(2), while Target, an Amazon competitor, beat projected earnings and tripled digital sales(3).
As shoppers gear up for two days of great deals, cyber criminals are prepping to prey on the unwary, taking advantage of those who let their guard down to snap up bargains. The data illustrates cyber criminals have been increasing phishing and fraud campaigns using the Amazon brand and logos. Shoppers need to stay alert and be careful on Prime Day to ensure they do not fall for a fraudulent campaign.
Amazon Phishing and Fraudulent Site Examples:
Bolster Research analyzed hundreds of millions of web pages and tracked the number of new phishing and fraudulent sites using the Amazon brand and logos. Using a combination of deep learning, natural language processing and computer vision, Bolster’s technology discerns those that are informational versus those that are used to gather logins, passwords or credit card information.
The chart below illustrates the new monthly phishing and fraudulent sites created using the Amazon brand. After the spike in March coinciding with the World Health Organization’s COVID-19 pandemic announcement, there was a slight dip then a gradual increase with a sharp spike in August with another 2.5X increase in September. The obvious spike is a strong indication that cyber criminals are gearing up for a profitable Prime Day to take advantage of the unwary.
One fraudulent campaign discovered the day before Prime Day looks very authentic, and it looks like the criminals took the time to actually copy elements of the Amazon website in great detail. The page asks you to confirm payment details for your purchase and even promotes "The All-New Kindle Family: from $79." The page copied the header and footer layouts, fonts, and dimensions to really deceive the shopper.
On closer inspection, there are clear warning sites that shoppers may or may not catch:
• Only the form itself works, and none of the other links actually work or take you to another page
• Information requested on the form is way more than what Amazon asks for; Amazon does not ask for social security numbers, date of birth, mother's maiden name, or even the CVV number
• The page is hosted on appspot.com, which is a Google Cloud computing platform, a big Amazon competitor, used for developing and hosting applications in Google managed data centers
• The IP address for the URL is used for multiple suspicious or fraudulent domains
The last point is not something an average user would know or even understand. Details on this fraudulent site can be seen on checkphish.ai. Checkphish.ai can used to scan any suspicious URL and is offered free by Bolster. It uses a combination of artificial intelligence, natural language processing, and computer vision to understand the intent of a site and determine whether its purpose is for malintent.
Fraudulent Site: https://jamz47341.uc.r.appspot[.]com/
Another campaign targets “returns” or “order cancellations” related to Prime Day. The URL www.amazoncustomersupport[.]net is designed to mimic an authentic Amazon site, and the webpage could easily fool an unsuspecting shopper. However a closer look clearly indicates the site is not legitimate:
• Prominent phone number: Amazon does not encourage customer service by phone, and takes a great effort to find phone support on the real Amazon site
• The form requests bank or credit card information: Amazon always offers refunds to original form of payment or gift cards
• No password required: Amazon requires an Amazon account to make purchases and returns
Other smaller issues also exist, though overlooked by someone in a hurry to return or cancel an order because they changed their mind. Clicking the Amazon Prime logo goes nowhere, and a “Get Started” button to sign up for Prime Membership does not work.
Fraudulent Site: www.amazoncustomersupport[.]net
Another fraudulent site promotes an Amazon loyalty program and offers a free iPhone 11 Pro for answering a few survey questions. The user is asked four easy questions and then directed to a simple game that looks like they should lose. Of course they win, and are required to enter credit card information for a $1 to receive the iPhone 11 Pro, The site claims the phone will be delivered by courier in 5-7 days. In the following screen shot, the free iPhone is validated by many others who have already received their phones. Despite the glowing reviews, the $999 phone will never arrive, and the shopper begin to see strange charges on the credit card number provided.
Fraudulent Site: www.fr-suivre[.]vip
Tips to Avoid Prime Day Scams
Everyone loves a great deal, and there is no reason to hold back from participating in Prime Day for fear of phishing and fraudulent campaigns. By staying alert and following a few key pointers, shoppers can get the great deals, while protecting their wallets and personal information safe from cyber criminals.
1. Start on Amazon.com
One way to avoid Prime Day scams is to go direct to the source. Don’t start shopping through email links to avoid fraudulent sites.
2. Ensure purchase experience is unchanged
Most people have purchased hundreds of items from Amazon and know the purchase experience well. Cyber criminals mimic this experience, but ultimately alter certain steps. For example, saved payment information should not be re-entered during the purchasing process. If you are asked to reenter, the likelihood that the site is fraudulent is extremely high.
3. Inspect site usability and details; leave if incorrect
Fraudulent sites are created quickly for specific campaigns. Though they appear close to the real site, they miss certain details. For example, fraudulent sites will not link the upper left logo to the real site because to keep the user on the fake page. Other details revealing a fake site are blurry images, logos or misplaced buttons.