Shoppers beware, Amazon Prime Day, like any online event, will be exploited by cybercriminals seeking to steal your sensitive information or infect your devices with malware.
Be on the lookout for:
- Any variation in Amazon’s web address, https://www.amazon.com/, in your browser’s address bar. Variations, such as amazon.co, indicate you’re in a spoofed site, in which clicking any of the site content may infect your device with malware, and any purchase made or personal information supplied, may lead to credential compromise.
- Confirm that the URL in your browser’s address bar is preceded by “https” and a lock symbol (that’s locked).
- Web pop-ups with offers that take you to a malicious spoofed website.
- Unexpected/unfamiliar tone and grammar errors in messages received.
- Customer support or delivery attempt related calls, which seek personal information of any kind.
- Messages stating your account has been locked or needs to be verified.
- Deals that sound too good to be true.
The following is an example of an Amazon related phishing message, purporting to come from customer service:
Recommendations:
- Do not pay for purchases with debit cards as they do not offer the same consumer protections that credit cards offer.
- Avoid clicking embedded links and attachments in unexpected messages.
- Use VPN (virtual private network) to secure your Wi-Fi connection
- Set-up MFA (multi-factor authentication) on your Amazon account (and any eligible account).
- Visit web pages via known and trusted URLs that you type into your browser’s address bar.
- Check delivery status and locate a customer service contact phone number directly from a trusted site.
- When in doubt of the legitimacy of any communication received, confirm with the sender using a trusted means of communication.