Amazon launched Prime Day in 2015 during the company’s 20th anniversary. And they’ve been stepping up their game ever since. To date, Prime Day is hailed as the biggest shopping event in the company’s history, surpassing its 2016 Black Friday and Cyber Monday revenue.
Phishing emails are a popular tool for cybercriminals. They are extremely successful at finding new victims with these scams. Recognizing fraudulent messages that look official can be difficult to the untrained eye.
It won’t be a surprise, then, to expect that Prime Day 2018 will be even bigger than last year—and cybercriminals may be counting on this.
Watch out for this Amazon Prime Day phishing attack
What we're talking about is an Amazon Prime Day phishing email scam that is spreading like wildfire. The email thanks the recipient for a recent order on Amazon.com. It goes on to say you're invited to write up a quick review on the product, for your time you will receive a $50 bonus.
Here is what the phishing scam looks like:
As you can see, there is a link provided inside the email to review and print the reward.
Warning! Do NOT click on the provided link, it's malicious.
The criminals behind the attack can change the malicious links' payload at any time. The link currently takes you to a spoofed Amazon page that asks for your login credentials. It can be changed at any point, leading to malware infecting your computer or even ransomware that will encrypt the critical files on your gadget.
These types of attacks are on the rise. That's why you need to know what to watch for and how to handle the situation when it arises.
Here are suggestions from Amazon on how to recognize a phishing attack:
- Fake orders - If you receive an email claiming to be from Amazon confirming an order that you did not place, it's a scam. Instead of clicking links within the email, type Amazon.com into your browser, sign in and go to the Your Orders page to verify your purchases. If you didn't buy the item from the email, it's a phishing scam.
- Credential request - Amazon does not send emails requesting your username and/or password. If you receive an email like this, it's a scam.
- Update payment information - You should never click a link within an email asking you to update your payment information. Instead, go to your Amazon account and click Manage Payment Options in the Payment section. If you are not prompted to update your payment method on that screen, the email is not from Amazon.
- Fraudulent links - If you receive an email with a link that supposedly goes to Amazon, hover over the link with your cursor. If it does say that it's going to direct you to Amazon, it's a phishing scam.
- Attachments - Emails purportedly from Amazon that contain attachments or prompts to install software on your computer are scams.
If you receive an email from Amazon that you suspect is fraudulent, you need to report it. Click here to report the scam to Amazon.
How to protect against phishing attacks:
- Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It could be a phishing attack. It's always better to type a website's address directly into a browser than clicking on a link.
- Do NOT enable macros - You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
- Use unique passwords - Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's simple for the cybercriminal to get into each account.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID.
- Check your online accounts - The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
- Have strong security software - Having strong protection on your gadgets is very important.