Actu
Amazon Prime Day or Amazon Crime Day? Don’t Fall Victim to Phishing, Warns Check Point Software
July 2022 by Check Point Software
This year, during the first few days of July, Check Point Research (CPR) has already witnessed a 37% increase in daily Amazon-related phishing attacks compared to the daily average in June
Last year during the month of Amazon Prime Day (June 2021) we witnessed an 86% increase in phishing emails relating to the occasion, and a 16% increase in phishing URLs compared to the previous month
During June 2022, there were almost 1,900 new domains related to the term "amazon" of which 9.5% were found to be risky - either malicious or suspicious
CPR provides examples of malicious impersonations of Amazon Customer Service, as well as a log-in page for Amazon Japan
Kicking off on July 12th, the annual Amazon shopping extravaganza, as always, is promised to be bigger and better with more cash savings and offers on goods.
Online shoppers are already on the hunt for one-time offers or once-a-year deals and are closely monitoring the web for upcoming surprises.
Clearly tracking this trend, cybercriminals are also sharpening their own upcoming surprises and gearing up to exploit the excitement of shoppers. Of course, Amazon-related phishing occurs all year long, and the company is often in the top imitated brands yet there is always an increase in activity around Prime Day. CPR is closely monitoring for cyber threats related to the day, both in the weeks leading to it and during the event itself, and has already found alarming signs of malicious phishing campaigns and fake websites.
Phishing shoppers through emails and fake URL’s
During the first week of July, CPR witnessed a 37% increase in daily Amazon-related phishing attacks, compared to the daily average in June.
The team also found approximately 1,900 new domains containing the term ’amazon’ and 9.5% of these were found to be risky, either malicious or suspicious.
In the weeks prior to Prime Day 2021, CPR discovered 2,303 new Amazon-related domains with most of them (78%) found to be risky. Our researchers believe that this decrease could partly be explained by cybercriminals not always having the full term "amazon" included in the domain being registered for phishing purposes to avoid detection. Furthermore, these cybercriminals might leverage these domains for a later use, and do not want them to contain content that could be deemed malicious.
’Phishing URLs’ are webpages that impersonate legitimate Amazon pages. They look exactly like the real thing and within it, they request users to provide information, usually credentials.
Emails are the most common medium that phishers use to deliver malware or steal private information.
Example 1:
The following email allegedly informs the customer of a canceled order due to payment issues. However, it contained an ISO file attachment, which when opened would have left an executable dropper malware on the recipient’s computer.
From: "Amazon Customer Support"
Subject: Order Canceled Unpaid INV #XXXXXXXXX
Graphical user interface, text, application, email Description automatically generated
Example 2:
The following email, which is targeting Amazon Japan customers, asks the recipient to click a link to approve a payment method. This link in fact leads the victim to a fake login site (michaelcarunchiodmd[.]com/jp) imitating the real website. The site is currently inactive.
From: Amazon (xg@jkhhwbfa.com)
Subject: Amazon.co.jp: Your payment method is not approved # XXX-XXXXXXX-XXXXXXX
Graphical user interface, text, application, email Description automatically generated
Graphical user interface, application Description automatically generated
