SEATTLE, WA. (WNCN) – Hackers are “primed” to steal your money in a big way this year when Amazon Prime Day begins Tuesday.
Security experts said the two-day sales event is considered by criminals to be a prime target for luring customers into scams.
“Amazon Prime Day, this is like the Super Bowl for scammers,” Mark Ostrowski said, a Cybersecurity expert with Check Point Software.
For those who are looking to take part in Amazon Prime Day beware.
Hackers are out in full force using phony Amazon sites — sites being constructed at a record pace to try and pull victims in.
Consumer Investigator Steve Sbraccia asked what the criminals are getting out of the fake and counterfeit Amazon sites.
“They’re really after our data,” Ostrowski said.
In the last three weeks, those who track the dark web said they’ve identified more than 2,000 domains that are using some variation on the Amazon name.
However, there are many more sites that haven’t been tracked.
“There’s a lot of domains we can’t see because they are using made-up URLs, so the number is probably higher than we are reporting,” Ostrowski said.
Scam Emails purporting to be from Amazon are also another way they’ll get you.
Check Point researchers discovered a supposed Amazon order cancellation email saying there were payment issues.
However, the email contained an attachment, that when opened would have left malware on the recipient’s computer.
“They’re going after keystrokes to gather credit card information,” Ostrowski said.
The malware may also place Ransomware on your device to extort money and data on your machine as well.
Not all fake sites are after your data or personal information, though. Some are just out-and-out frauds.
Those fake Amazon sites want your cash, luring buyers in with better-than-expected deals using photos stolen from online. You pay, but no merchandise ever shows up.
For example, if they offer an iPad at 85 percent off it’s a scam to lure you into paying for something that you’ll never get.
How can you detect these fakes?
Here is the best way: check out the URL or originating email address.
One can get an email offering a great deal — but the word Amazon was spelled wrong. It was missing the second “A”.
When hovering his cursor over the email address it revealed it was not really from Amazon.com, but originated via a hijacked email account.
“The best advice, go straight to the Amazon Website,” Ostrowski said.
The real Amazon site will always have an “S” on the end of HTTP and a ‘lock’ icon.
Other ways to protect yourself:
- Create a special prime day password and don’t reuse it;
- Don’t shop using public wi-fi because ackers can intercept it;
- Watch out for super-low fake deals.
The scams won’t stop when Prime Days end on Wednesday, July 13, though, experts said.
Phony emails will then proliferate saying things such as “your address needs to be confirmed” or “your credit card payment didn’t go through” will appear.
The messages are always creating a sense of urgency for you to click and reply. Simply don’t do that.
Instead, call Amazon customer service and directly at 888-280-4331 to check with them.
A second option is to use the customer service center on the Amazon website. The link to that can be found here.