Don't let Prime Day scams dampen your shopping spree. Here's what to look for
Here are a few you need to be wary of.
What you need to know
- Amazon Prime Days pose as a perfect opportunity for hackers to target users' wallets and extract sensitive information from them.
- Data shows that, in June alone, 1,200 new domains associated with Amazon cropped up, of which 85% were flagged as malicious or suspected of being malicious.
- Hackers usually disguise themselves as Amazon reps or even create look-alike pages to dupe people into sharing financial information.
- Some of them may even reach out to victims via social media DMs on the pretext of offering massive discounts or free shipping of the products.
Amazon Prime Day is only hours away. While this may be an exciting time to take advantage of the massive deals, several cybercriminals are looking for such opportunities to target your wallet. Like any other cyber scam, these Prime Day scammers aim to steal personal information, card details, or sometimes even money from customers unaware of their intentions. We dive into the most common ways that people get phished and how you can spot a Prime Day scam without compromising your information.
Phishing attempts to watch out for
According to data collected by Check Point, there has been a significant increase in cyberattacks related to Amazon Brand. In June alone, 1,200 new domains associated with Amazon cropped up, of which 85% were flagged as malicious or suspected of being malicious.
"In June 2024, we discovered a widespread phishing campaign mimicking the Amazon brand, particularly targeting the US," Check Point added.
Scammers can use many methods to reach you, but the most common is disguising themselves as official Amazon websites or accounts. Some of the newly established phishing sites recently spotted by the publication were:
amazon-onboarding[.]com: a newly registered fraudulent site, specifically targeting carrier-related credentials.
amazonmxc[.]shop: a fake Amazon Mexico website designed as a replica of amazon.com.mx. It looks like the real deal with a login button as well.
amazonindo[.]com: Another phishing site that isn't Amazon that collects users’ login credentials upon clicking the "login" button.
Sometimes, these phishing attacks end up right in the user's inbox. They send very convincing emails/text messages with links to massive discounts or deals, luring them to divulge login credentials or, worse, their credit card details. Sometimes, these messages carry a threat, like login details being compromised or the will account shut down if the users don't act quickly —creating a sense of panic in customers.
Get the top Black Friday deals right in your inbox: Sign up now!
Receive the hottest deals and product recommendations alongside the biggest tech news from the Android Central team straight to your inbox!
Clicking on the link might prompt the victim to sign in to a look-alike Amazon site, exposing their credentials to the hacker, or the link may attempt to download malicious software into the device, through which the hacker can get access to all the information on the laptop/phone.
Additionally, users sometimes get texts from spoofed numbers claiming to be a local post office or Fedex/UPS about an undeliverable package, with a link that tries to get people's credit card details. These are especially common in the U.S. and Canada around Prime Day Sales.
Sometimes hackers can also call victims claiming to be Amazon customer service representatives offering deals on various products, or again asking shoppers for their personal information, stating that a payment didn't go through on their recent order or their account has been hacked into.
Another way that scammers can reach customers is through their social media accounts. They can slide into your DMs promising Prime membership cards or free Amazon gift cards specifically during Prime Days. Some scammers may also share enticing giveaways on their social media accounts or ads related to Prime Day deals.
"The scammer's message may even prompt you to insert your payment information to cover shipping costs for your free item," Norton's website stated.
Ways to spot Prime Day scams
- NordVPN's website asks buyers to carefully look through emails and messages for signs for grammatical errors, generic terms like " Dear customer" or a threat/ urgency in the email forcing you to click a link or respond to the message.
- Most phishing emails or links contain gibberish or misspelled URLs that resemble Amazon's customer service IDs.
- Anyone requesting for personal or financial information like passwords, credit card details, or Social Security numbers via email or phone, on the pretext of closing an Amazon account.
- Sales sent via emails or social media accounts, that look too good to be true, with prices slashed to 90%, luring people to purchase from their website.
Being phished? Here's what to do
In the event that you come across such phishing emails/scams, it's best to verify the email IDs and look for red flags associated with them, as mentioned above. One way to steer clear of unnecessary hacking is to make sure to purchase from the official Amazon.com website rather than using third-party sites to access deals.
If someone calls you pretending to be Amazon's customer service, its best to avoid sharing any information with them over the phone/message and directly contact Amazon customer support through official channels, like the app or the legitimate website.
Amazon has also clearly mentioned that it "will never send you an unsolicited message that asks you to provide sensitive personal information like your social insurance number, tax ID, bank account number, credit card information, ID questions like your mother's maiden name or your password." Customers can also report suspicious emails/calls via Amazon's official website.
Amazon's biggest sale of the year kicks off on July 16th, and it's almost time for the best Prime Day deals to hit the site. In 2023, over the course of the two-day shopping event, Prime members purchased more than 375 million items worldwide and saved more than $2.5 billion.
Nandika Ravi is an Editor for Android Central. Based in Toronto, after rocking the news scene as a Multimedia Reporter and Editor at Rogers Sports and Media, she now brings her expertise into the Tech ecosystem. When not breaking tech news, you can catch her sipping coffee at cozy cafes, exploring new trails with her boxer dog, or leveling up in the gaming universe.