Hacker holding an Amazon Prime day sign

Phishing Alert – Amazon Prime Day is here and the hackers have the most tempting offers

Amazon Prime day promises millions of deals that may seem too good to be true. Unfortunately, Prime Day is prime territory for phishing attacks.

Prime Day is Amazon’s annual sales event which began in July 2015, marking the 20th anniversary of the retail giant. This year, due to the coronavirus pandemic it has been pushed back, falling on the days of the 13th and 14th of October, with deals running from 00:01 Tuesday morning until 23:59 Wednesday night.

Prime members receive massively discounted prices on products such as laptops, TVs, smartphones, wearables and pretty much anything you can buy on the world’s largest online store.

Despite this being a time where many people will want to rush headfirst into the sales, experts are warning against the dangers of doing so.

Since August, there has been a huge spike in the number of sites using false Amazon branding, the most significant since the start of the pandemic back in March. These phishing sites, like many others, aim to steal credentials, bank details and other sensitive information.

Graph showing number of amazon phishing sites

Image credit: Bolster

These false websites mimic real Amazon web addresses, www.amazoncustomersupport[.]net, and ask for credit/debit card information in a clear attempt to try to steal them. Some sites are even running active phone support in order to appear genuine.

Ironically, researchers found that “Amazon does not encourage customer service by phone, and it takes a great effort to find phone support on the real Amazon site”.

PhishingTackle.com has added Prime Day simulated phishing emails in-line with those found in the wild to its ever-growing catalogue of real-world templates. Using examples that mimic actual ongoing attacks is part of what makes our security awareness training so effective.

We urge all our readers to act with extreme caution during and around the Prime Day event. Check emails carefully and visit amazon.co.uk directly, rather than following links from emails or social media. Ensure all your users are fully aware of the dangers of email-borne attacks during this dangerous period.

In short, be vigilant with Prime Day.

A good deal and a single click could quickly turn into a nightmare for you or your entire organisation.

Recent posts