Amazon Prime Day 2019 is nearly upon us, and with it, the annual uptick in cyber threats. The shopping juggernaut starts at 12 a.m. PST, Monday, July 15 and ends at 11:59 PST, Tuesday, July 16th. The blitz of promotional emails, online ads, and blogs linked to special deals is irresistible not only to shoppers, but also to hackers who feed on high emotions and a sense of urgency.
Here’s the rundown of what to watch out for and what steps to take.
Megadeals and Cyber Steals
Last year, Prime Day pulled in nearly as much in sales as Black Friday, with a flood of discounts on products people suddenly realized they could not live without. After all, who doesn’t need a Segway, iRobot Roomba Vacuum or Thermal Imaging Camera?
With millions of Prime members shopping (inevitably on company networks and devices), phishing and online scams pose a threat not only to individual shoppers, but to entire organizations. Here's one example of a phishing email from last year.
If you look at the "From" field above, you will see that this email is obviously not from Amazon. The risk to employers is that employees aren't paying attention to anything other than the fake lure of a $100 credit. This is why security awareness education is so critical. Programs like Phishgoggles.com teach staff how to identify and avoid online scams and, through repetition and reinforcement, make awareness instinctual.
There are other red flags that a communication from Amazon is suspect. Amazon will never ask for the following information in an email:
- Your bank account information
- Credit card number
- PIN number
- Credit card security code
What to look for in a phishing email or online scam?
Grammatical and Typographical Errors
A legitimate email from Amazon will be error-free. Consider any typos and grammar errors a clear indication that the email is malicious.
The Return/Sender address
All authentic Amazon emails will be sent from an email address ending in “@Amazon.com” or an Amazon landing page with a special offer. It is risky to click on what looks like a landing page, because it could be a page replicated by a hacker and assigned a close, but not real, domain name.
Website Link Previews
Most of the time you can preview a website or email link simply by hovering over the text or button. If the website domain name doesn’t include “Amazon.com” it is not likely to be legitimate.
Amazon Hacker Website Examples*:
Even a legitimate-looking link can open a website with a different URL. If you click an “official” link and the website loads something else, click away immediately and report the link to Amazon. If you are at the office, report the possible threat to your IT contact. If you are at home, make sure you have anti-virus and anti-malware software on the device you are using to shop before you shop.
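An added example (not part of the original post) of the sender and link checks described above, done on the parsed domain rather than by eye. It shows that an address can contain "amazon.com" and still not belong to Amazon. The function names and the sample addresses and URLs are constructed for illustration, and the https-only rule is an added assumption.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "amazon.com"  # the domain this post tells readers to look for


def host_is_trusted(host, trusted=TRUSTED):
    """True only if host is the trusted domain itself or a subdomain of it."""
    host = (host or "").rstrip(".").lower()
    return host == trusted or host.endswith("." + trusted)


def sender_is_trusted(from_header):
    """Check the address in a From header; the display name is ignored."""
    _display_name, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return bool(local and at) and host_is_trusted(domain)


def link_is_trusted(url):
    """Check the host a link really points at, not the text it contains."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":  # assumption: plain-http links are rejected
        return False
    return host_is_trusted(parts.hostname)


# Constructed samples on reserved example domains (not real indicators).
SAMPLE_LINKS = [
    "https://www.amazon.com/primeday",
    "https://amazon.com.deals.example.net/primeday",  # trusted name as a prefix
    "https://amazon.com@deals.example.net/",          # trusted name as userinfo
]
SAMPLE_SENDERS = [
    "Amazon <store-news@Amazon.com>",
    '"Amazon.com" <rewards@amazon-credit.example>',   # display name only
]

if __name__ == "__main__":
    for url in SAMPLE_LINKS:
        contains = TRUSTED in url.lower()
        print(f"{url}\n  contains name: {contains}  trusted: {link_is_trusted(url)}")
    for sender in SAMPLE_SENDERS:
        print(f"{sender}\n  trusted: {sender_is_trusted(sender)}")
```

Every sample link contains the string "amazon.com", but only the first resolves to a host under that domain.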
Straight to the Source
Don’t let a tempting promotion obscure your common sense. If you’re curious about a deal offered in an Amazon email, simply go straight to the official website. Any legitimate deal will be promoted on the site.
One last bit of advice: it’s best to do your shopping before or after office hours. If you are caught in a scam, the impact may be bad, but not as bad as bringing down your IT infrastructure at work.