The Cyber Risks of Amazon Prime Day

Security experts anticipate a surge of Prime Day cyberattacks as 2021’s cybersecurity crisis rages on

Today kicks off Amazon Prime Day, which runs from June 21-22 this year. In American culture, the online mega-retailer’s annual sales event has become almost a national holiday. Last year’s event brought in $10.4 billion for the corporate giant. But as shoppers get out their credit cards this year amid the 2021 cyber security crisis, researchers are warning of a surge in cybercrime centered around this year’s Prime Day. 

Amazon domain spoofing

Cybercriminals have been ramping up in the weeks leading up to the two-day sales frenzy, with almost 80 percent of domains containing the word “Amazon” suspected of being potentially malicious. What this means for consumers itching to get online and score a deal today: expect a barrage of domain-spoofing bad actors trying to deceive shoppers into providing their email addresses, payment details, passwords, and other personal details.

In the last four weeks alone, more than 2,300 new domains were registered in relation to Amazon. Domain spoofing is a common tactic for cybercriminals to steal money and sensitive data. The goal is to get consumers to click on pages and emails that appear to be related to Amazon. The look-alike domains are used to divert web traffic by misdirecting unsuspecting shoppers to websites that elicit users’ personal information or contain malware. 

Prime Day security

“We know that cybercrime skyrockets during shopping seasons, particularly around Christmas and the winter holidays. Prime Day has become one more golden opportunity for criminals,” says Ben Filippelli, CTO and IT security architect for Level5 Management in Boca Raton. 

This year, Prime Day shoppers need to be more cautious than ever. Here are 8 tips for outsmarting the cybercriminals if you’re looking to jump on the Prime Day deals. 

8 Tips for Prime Day shopping

1. Triple check for misspellings. Domain spoofers use slight variations of the Amazon.com domain, but you should also be checking emails that appear to be from Amazon, including delivery notifications and texts. If you need information on the status of a delivery, visit the Amazon website directly instead. Don’t click any links.

2. Check the security of the domain by looking for the “https” preceding the web address. Never submit your payment details from a website that does not have secure sockets layer (SSL) encryption installed. 

3. If you’re going to shop, do it from your own secure network. Online shopping should never be done from a public or open Wifi network. And if you’re perusing the deals on during a business break, remember that any inadvertent security errors you make on your office network can put your entire company in danger. 

4. Pay attention to the tone of the email. Social engineering techniques are often designed to compel users to scan through quickly and miss red flags. 

5. Be sure you’re using strong passwords. In general, security-minded users should be using a good password manager (as an IT security provider, the Keeper solution is among our favorites). These apps can generate very strong random passwords for your shopping accounts and store them for easy login. 

6. Share only the bare minimum of your personal information needed to complete a transaction. If any required fields give you pause, ask yourself why the company would need this. For example, would a legitimate retailer really need your mother’s maiden name or the last 4 digits of your social security number to finalize your purchase of those awesome hotdog-patterned socks? 

7. Speaking of awesome buys, think rationally about those too-good-to-be-true bargains and excitingly-deep discounts. Cybercriminals are experts at using our inherent tendency for FOMO (or “fear of missing out”) to exploit people. Countless victims of scams and cyberattacks could’ve been protected by applying the “too good to be true” adage, but not falling for it is not always as simple as it seems. 

8. Online transactions should be handled with credit cards. Keep the debit cards in your wallet. If you’ve fallen into a cyber trap, the last thing you want is to discover your bank accounts have been compromised. Most credit cards also offer some degree of fraud protection (while debit cards usually don’t), so you may have a better shot at recouping your losses. 

Want more tips on IT and IT security for your business? Need resources or free webinars on employees cybersecurity awareness training?

It’s time to get happy. Leave IT to us.

Call Level5 Management at (561) 509-2077, or Livechat us on our homepage to get connected with our team of IT experts — not salesmen.