Catch Of The Week: Amazon Prime Day Scams

By BECKY RUTHERFORD
Los Alamos

So it’s almost Amazon Prime day; what deals are you excited to snatch up? Just be cautious, and be aware that cybercriminals are just as enthusiastic about Prime Day as the rest of us.

Cybercriminals love to incorporate current events into their phishing scams; it’s a great way to get our attention and get more clicks. Prime Day is the perfect time for the bad guys to launch new, Amazon themed scams. This year Prime Day is happening October 13th and 14th; two days of fantastic deals… last year, it yielded Amazon over $7 billion in sales. It’s a huge event, especially now with so many more online shoppers, thanks to COVID-19.

According to an article from ThreatPost.com, numerous new phishing and other fraudulent sites using Amazon theming have popped up in recent weeks. These sites might look like Amazon and have very similar names, like “amazoncustomersupport.net,” which mimics an Amazon site. This is not a legit Amazon.com domain, and it was designed to trick people. One clear piece of evidence for this- the site’s use of a “customer service” phone number; Amazon tries to discourage customer support by phone. The site hosts a form requesting bank/credit card info, and the site does not ask for a customer password.

Another fraudulent Amazon themed site promotes an “Amazon loyalty program” and offers a free iPhone 11 Pro for a few survey questions. The user is then directed to a “game” where they are asked to enter their credit card info to be charged $1 to win the iPhone. If something seems too good to be true…it is.

Similar Amazon themed scams are popping up in user inboxes, including one seen in the UK claiming an “account issue.” The email asks users to click a link to “verify their account,” or they will have their account “locked.” Other email and text phishing scams include notifications that there is a “problem” with your order, and you have to click a link to fix it, or the order will be canceled. One thing phishing scams all have in common; trying to scare you into clicking with a sense of urgency. Avoid clicking links in your email or text messages. Instead, go to your browser, type in the name of the website, and log in to your account. If there is an issue, you can fix it from there, without clicking possibly sketchy links.

A few tips to remember:

  • Check the address in both the sender email and any links. Is it what you expect? Is something slightly off? A common trick is to take a well-known email or website address and change it by only a few characters.
  • Check the email for odd typos and grammar errors; usually a good sign it’s a phishing email.
  • Never share more than you need to…if you are on a website claiming to be Amazon, and it asks for personal data like your social security number, be suspicious. It is a scam.
  • Protect your Amazon account by creating a strong and unique password and by setting up two-factor authentication. Go to Amazon’s “Advanced Security Settings” page to get started on setting this up.
  • Sounds too good to be true? It is; don’t fall for the bait.
  • Watch out for sketchy text messages and emails- avoid clicking links in both; go directly to the website to check.

Be aware, and don’t fall for a scam on Prime Day. Go ahead and get yourself that Amazon Alexa connected blender, you know you want it. And clearly Alexa needs to know every time you make a smoothie, or margaritas. (Note that as far as I know smart blenders aren’t actually a thing, but who knows, and hey I’m sure Jeff Bezos really needs another yacht or two.)

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems