Amazon (AMZN) is hosting its annual Prime Day event this week. That means you’re likely scouring the e-commerce giant’s site and app for sales on everything from diapers to doorknobs if you pay the annual fee of $14.99 a month or $139 a year to be a Prime member.
But Prime Day isn’t only a major event for shoppers. It’s also an opportunity for scammers hoping to exploit the event’s massive popularity to steal Amazon customers’ data.
According to Check Point Research, the intelligence arm of cybersecurity company Check Point Software (CHKP), Amazon-related phishing attacks increased by 37% in the first few days of July alone in the run-up to Prime Day, based on a sample of corporate networks it tracks. The company predicts there will be 10 million phishing attempts related to Prime Day around the world this year.
Phishing attempts use e-mail to trick people into clicking malicious links or entering their information into phony websites with the intention of stealing private data including payment information.
“Amazon already is a big source of phishing for obvious reasons,” explained Mark Ostrowski, Check Point’s head of engineering U.S. East. “But the first week of July was that pivot point where we saw a pretty substantial increase. An almost 40%…increase within one week of the amount of phishing campaigns that we saw.”
For shoppers, threats include thieves making off with their Amazon login credentials, stealing their payment information, and gaining access to other private data.
But you can thwart these schemes by simply being more careful about which emails you open.
More Prime Day attention means more criminals go to work
Prime Day has become a summer constant since Amazon held the first event in 2015. With the exception of 2020, when Amazon held Prime Day in October because of the pandemic, the sale has gained more and more attention from shoppers and rival retailers looking to take advantage of increased consumer interest in sales during the time of year.
Unfortunately, as with any major online event, cybercriminals have taken notice, as well. And they’re determined to use the shopping extravaganza to snatch as much private data from as many unwitting consumers as possible.
“There’s more publicity and more attention on these money transacting events, and the same level of security at best that people have,” explained Herb Lin, senior research scholar at the Stanford University’s Center for International Security and Cooperation.
“Now, would you expect that to be a more lucrative opportunity for criminals? Absolutely. It says, ‘Hey, here’s an opportunity to spend money.’ And guess what? criminals listen to that too.”
According to Check Point’s Ostrowski, cybercriminals use a scattershot approach to target Amazon customers during Prime Day. The idea is that, with millions of consumers ordering goods from the retailer during the period, the thieves will trick at least some into opening Prime Day-related phishing emails.
It’s the same concept cybercriminals use during the holidays, when they fire off phony FedEx or UPS emails claiming that victims’ packages are delayed or they need to pay additional taxes to get them shipped. Of course, the victims have to provide their credit card data or login information to pay those taxes. And with that, the criminals have what they need.
In the case of Prime Day, thieves will send emails claiming to be from Amazon warning that a customers’ order was canceled or otherwise held up. To fix it, you’ll just need to provide your user data or credit card number.
Some fraudulent emails will even claim to have spectacular offers on iPads or other normally pricey goods. When a victim clicks on the deal and enters their credit card data, the discount disappears along with their information.
Be patient and use sound judgment
But there are ways to stay safe while shopping, the most important being that you should always be wary of emails from retailers.
If you’ve been shopping on Amazon and get an email telling you that an order has been delayed or canceled, don’t click any links in the message. Instead, log into your Amazon account via a separate browser window or your Amazon app, and check to see if your order is still en route.
As for those emails promising wild sales, your best bet is to, again, go to the source: Amazon.com. And, of course, if it sounds too good to be true, it likely is.
A spokesperson for Amazon, meanwhile, said the company doesn’t request that customers purchase gift cards for any service and won’t ask for payment over the phone or email — only on its app or website. Amazon also won’t ask you to download any software to chat with customer service.
There are other ways you can avoid scams, as well. Instead of using your actual credit card number, you can use a virtual credit card number, something that most card companies offer. Virtual numbers are normally a one-time use code that ties to your credit card account. But if a third-party gets access to it, they can’t use it to make other purchases.
Above all, don’t jump at every email you see. Instead, take a deep breath and think before clicking any links.