Amazon Crime! Hackers targeting consumers with phishing attacks this Amazon Prime Day

Cybersecurity firm Tessian issues dire warning that cyber criminals and malicious hackers are exploiting potential shoppers with a barrage of fake emails designed to steal passwords, PIN numbers and other controversial data

by Patrick Sullivan, Political Editor on 13 October 2020 11:55


Hackers are set to target bargain-hunting shoppers with phishing scams this Amazon Prime Day, says researchers from cybersecurity firm Tessian.

Amazon Prime Day, which takes place 13th-14th October, sees the popular retailer Amazon offering sales and deals to consumers just before the busy Christmas period. It’s likely hackers will use this opportunity to flood inboxes with fake deals and offers, designed to dupe people into downloading malware or share payment information and account details. Phishing poses a huge threat to retailers during peak shopping periods.

According to research commissioned by Tessian in 2019, 68% of IT decision makers at UK retailers worry their brand will be impersonated during the holiday shopping season. What’s more, one in five IT decision makers said that phishing poses the greatest threat to their retail organisation in the period leading up to Christmas.

With more consumers than ever turning to online stores for 100% of their shopping due to Covid-19, experts at Tessian are predicting more phishing scams than ever, purporting to offer sales on behalf of Amazon.

Cyber guru Tim Sadler, CEO at Tessian told The Commentator, “It won’t just be consumers looking to take advantage of the once-a-year deals offered this Amazon Prime Day.

Hackers, too, will see this as a golden opportunity to launch phishing attacks that dupe people out of money and trick them into downloading malware or sharing personal information. Popular shopping days like Amazon Prime Day create the perfect environment for hackers’ phishing attempts. Consumers are expecting to receive more marketing and advertising emails during popular shopping periods, and this makes it easier for cybercriminals to ‘hide’ their malicious messages in people’s noisier-than-usual inboxes.

Attackers can also leverage the ‘too-good-to-be-true’ deals, using them as lures to successfully deceive their victims. Throughout this year, we’ve seen cybercriminals “piggy-backing” on high profile events to make their phishing attacks as convincing as possible.

We can expect similar tactics this Prime Day, with hackers impersonating Amazon in their emails and supposedly providing people the deals they are seeking.

Tessian also issued bespoke advice on how to spot a fake Amazon Prime phishing scam:

● If something seems too good to be true, it probably is. Be wary of emails that offer special deals or coupons associated with Prime Day - especially if those discounts can only be accessed by clicking on a link or from a brand or name you don’t recognize.

● Always check the sender and verify that it’s a legitimate email address. Scammers will often take advantage of the fact that mobile email only shows a display name, as opposed to the full email address. This means that a bad actor could send a message from an unknown email address, but change the display name to “Amazon” to make it appear legitimate.

● If you receive an email or text that has an associated action or a sense of urgency or deadline, it’s most likely a scam. Ask yourself, does this request make sense?

● Check for spelling or grammar mistakes. Legitimate messages from large companies will rarely have errors.

● If a message contains a link or attachment, it is likely fraudulent. As a rule of thumb, be skeptical of any hyperlinks and don’t click.

blog comments powered by Disqus