Amazon Prime Day 2021: Tips to help you avoid getting scammed
Amazon Prime Day 2021 is upon us and many people will be laser-focused on identifying the best possible deals. But it’s not just consumers that will be out in force.
As with any major event, Amazon Prime Day provides fertile ground for cybercriminals hoping to scam people out of their personal information and hard-earned cash. Analysis from multiple security companies suggests the threat level could be particularly high this year.
According to Check Point Software, upwards of 2,300 new Amazon-related domains have been registered in the last 30 days, representing a 10% increase on the previous Amazon Prime Day. The majority (80%) of these websites are classified as potentially dangerous, while 46% were found to host malware or phishing mechanisms.
Here's our list of the best security keys for multi-factor authentication
There are a number of strategies scammers can use to attract punters to these dangerous addresses. For example, they could pose as a member of the Amazon customer service team, or send out an email promoting a time- or stock-limited flash deal. Criminals have also been known to insert themselves further down the e-commerce chain, masquerading as payment providers and delivery companies.
Amazon Prime Day: Advice from security experts
Although consumers will likely be subjected to a barrage of phishing attacks on Amazon Prime Day, there is plenty that can be done to avoid falling victim to scammers. And the responsibility doesn’t just fall on shoppers; retailers have a responsibility to protect customers too.
Here’s what the security experts have to say:
Dan DeMichele, VP Product at LastPass by LogMeIn
“As everyone begins tracking down the best deals, threat actors are making plans to exploit any slip-ups in our online behaviour. Security risks linger even after making the initial purchase, for example in phishing emails disguised as post-purchase correspondence, from receipts and tracking numbers to requests for feedback. To stay safe against cybercriminals, consumers should be on the look-out for suspicious behaviour – double checking URLs and making sure the padlock symbol on your browser is present are good places to start.”
Tom Kendrick, EMEA Security Evangelist at Check Point “I strongly urge Prime Day shoppers this year to be extra cautious, to watch for misspellings, and to share only the bare minimum. I would triple check emails that appear to be from Amazon next week, including delivery notifications. If you’re unsure of the status of a delivery, go directly to the Amazon website.”
(Image credit: Shutterstock / song_about_summer)
Jake Moore, Cybersecurity Specialist at ESET “Scammers are attracted to special online events like moths to a flame. There is the potential that customers will see an sizable increase in calls, emails and texts attempting to entice people into parting with their cash.”
“It is important that people never part with their Amazon password and that their account is secured with two-factor authentication. If there is ever a warning there may be a problem with your account it is advised to go direct to the app installed on your phone rather than clicking on links in emails or text messages.”
Armorblox threat research team “Many legitimate sales and offers during Prime Day leverage the ‘hyperbolic discounting’ effect by offering products on discounts that are almost too good to be true. Scammers exploit this same cognitive bias by sending email announcements that are actually too good to be true (i.e. they are scams).”
Todd Moore, VP Encryption Solutions at Thales “While we all want the latest and greatest deals, shoppers need to be vigilant about the purchases they make online. Customers may be savvy when it comes to threats like phishing and fraudulent landing pages, but many don’t know that their personal information is still at risk from the threat of cyberattacks long after a package arrives on their doorstep.”
“Consumers do have a duty to ensure they are using strong passwords and multi-factor authentication to protect their details, but the brunt of responsibility falls on retailers to implement end-to-end encryption of sensitive payment data."
Simple tips to stay protected on Amazon Prime Day
The following tips, provided by a collection of security companies, can help you shield your devices and personal data on Amazon Prime Day.
Stay alert to misspellings of “Amazon†in web addresses, as well as any websites that use different top-level domains (e.g. .co instead of .com)
Check emails for grammar and spelling mistakes that might betray a scam
Avoid entering payment details into websites not protected by SSL encryption (look for the “https://†suffix and lock icon in the URL bar)
Beware of deals that are too good to be true. There will be plenty of amazing deals on Amazon Prime Day, but you’re never going to get a new MacBook for $200
Avoid sharing personal details over the phone with customer support or billing representatives
Use credit cards instead of debit card, which will make it easier to recover funds if disaster does strike
Always use a VPN service when shopping over public Wi-Fi networks, which are inherently insecure
Deploy two-factor authentication to prevent unauthorized access to your accounts and a password manager to store your credentials
Make sure your operating system and web browser are fully updated, with all the latest security patches installed
We've built a list of the best antivirus services right now
US and Israel team up in major cybersecurity partnership
The US and Israel have established a new bilateral partnership that will see both countries work together to combat ransomware and other pressing cyber threats.
This new partnership builds on the longstanding relationship between the US Treasury Department and the Israeli Ministry of Finance. In addition to working together to disrupt ransomware operations, the two countries will create a joint task force to address cybersecurity.
In a press release announcing the new partnership, Deputy Secretary of the Treasury, Wally Adeyemo explained how the US and Israel will work together to safeguard the global economy from ransomware and cyberattacks, saying:
“Harnessing both the power of international cooperation and of technology innovation will position us to support economic competitiveness, prosperity, and to combat global threats including ransomware. As the global economy recovers and ransomware and other illicit finance threats present a grave challenge to Israel and the United States, increased information exchanges, joint work, and collaboration on policy, regulation, and enforcement are critical to our economic and national security objectives.”
Joint task force
As its first order of business, the new task force will begin working to develop a Memorandum of Understanding which will cover sharing information related to the financial sector, staff training and study visits to promote cooperation and competency-building activities such as cross-border cybersecurity exercises.
However, the task force will also launch a series of expert technical exchanges on policy, regulation and outreach to support innovation in the fintech sector which both the US and Israel have agreed to encourage. The two countries want to help the fintech sector develop robust cybersecurity protections that can advance compliance on anti-money laundering, counter-terrorist financing and countering the financing of proliferation.
As part of the new partnership, the US Treasury also plans to participate in the CyberTech Global Tel Aviv conference which will be held in Israel in January of next year.
Countering ransomware and other cyber threats has been a top priority for the Biden administration and this new partnership with Israel will help advance this goal further.
