Cybercriminals are never hesitant to try and take advantage of a big event and Amazon Prime Day is no exception.
With every interaction being made online during the 48-hour sale starting on July 15, infosecurity experts are putting out warnings on how to avoid being scammed.
“The increased internet traffic to a specific site with the exchange of payment information makes this an easy crime of opportunity for hackers. They know when and where consumers will be, and the type of information shared,” said Francis Dinha, CEO of OpenVPN.
Email scams are one of the prime methods criminals use to steal information from the unwary at all times of the year, but McAfee is reporting that the 16Shop phishing kit has already been altered and been in the wild since May targeting Amazon account holders. The kit first cropped up last fall when it was used to go after Apple customers. The modus operandi has it sending an email claiming their account information needed to be updated, but instead sent the victim to a fake site where their information was stolen.
McAfee found it has now been updated with an Amazon logo and text and is perfectly suited to fool Prime Day shoppers.
Rick McElroy, head of security strategy for Carbon Black, noted three basic steps anyone can take to determine if an email is part of a scam. Regardless of whether the sender’s name looks legit check for spelling and grammatical errors along with containing odd URLs; view any request for personal or financial information as a potential red flag; only download attachments from a trusted source as a malicious document can contain malware.
Additional dangers through email, third-party product vendors and websites also exist. Monique Becenti, product and channel specialist for SiteLock said consumers need to be aware of coupons, gift cards and ensuring they go directly to Amazon and not through links. Becenti pointed out that some coupons could in fact redirect a victim to a malicious site, one that might look legit, but in fact is set up to steal information.
“When shopping, it’s highly recommended to access Amazon’s website directly through the browser – not through your email or a third party; use two-factor authentication, use a credit card when shopping, and do not process your transaction on a public Wi-Fi connection,” she said.
In the same manner local fire departments suggest replacing smoke alarm batteries when the clocks change for Daylight Saving Time, it’s also a good to use Amazon Prime Day as a reminder to change your account password, said Safe Smart Living. And as an added safety measure it suggests turning on two-factor authentication at the same time.