On June 21st, Amazon held their annual two-day promotion where shoppers flock to the site for special deals and discounts. However, shoppers weren’t the only ones warming up ready for the big online sale. With over 150 million Prime subscribers globally, threat actors and hackers were waiting on the sidelines spreading malicious content and gearing up to leverage their own “special deals”.
Check Point conducted an analysis of cyber threats related to Amazon’s Prime Day in the weeks leading up to the event. Their findings showed alarming signs of malicious and suspected domains being erected, these spoof domains were used to lure eager shoppers using various phishing campaigns. The key findings from Check Point’s research are detailed below.
Alarm over Domain Registrations
In the previous Amazon Prime Day period, during October 2020, 28% of domains registered containing the word “Amazon”, were found to be malicious and another 10% suspicious. Furthermore, 20% of domains registered containing the words “Amazon” and “Prime” were found to be malicious.
In the past 30 days, over 2,303 new Amazon-related domains were registered, compared to 2137 in 2020. However, this year, almost half (46%) of those domains have been found to be malicious and another 32% suspicious. As for new Amazon Prime’s related domains, there were 32% malicious sites.
Phishing for Your Click
Phishing methods and techniques constantly get creative and innovative, with threat actor’s constantly seeking ways to lure victims into click on what seems to look like a very legitimate website or email coming from an “expected” or familiar source. The basic element of a phishing attack is a message, sent by email, social media, or other electronic communication means.
A hacker might then use public resources like social networks to collect background information on the victim including their name, job title, and email addresses as well as interests and activities. All this information can then be collated to create a fake message which looks legitimate.
Typically, the emails the victim receives appear to come from a known contact or organisation. Attacks are carried out through malicious attachments or links to malicious websites. Attackers often set up fake websites, which appear to be owned by a trusted entity like the victim’s bank, workplace, or university. Via these websites, attackers attempt to collect private information like usernames and passwords, or payment information.
Example: Impersonation of the “Amazon Team”
Subject: Mail sent from Amazon: Wednesday, June 2, 2021
This email appeared to be from an Amazon Customer Service address but on closer inspection, the email was identified as a phishing email as it was actually sent from (admin@fuseiseikyu-hl[.]jp).The attacker was trying to lure the victim to click on a malicious link, which redirects the user to a different webpage, not on Amazon.
In the last 30 days, over 2,300 new domains were registered about Amazon, a 10% increase from the previous Amazon Prime Day, where the majority now are either malicious or suspicious.
Whether you are hunting for the best deals online or responding to messages in the workplace, it’s important to stay vigilant to suspect messages. Find out how Intercity’s security solutions can keep your most critical information safe.