June 21 and 22 mark this year’s Amazon Prime Day: the online retail giant’s annual summer sales event. Many consumers are expected to drop hundreds of dollars at this year's shopping event, both at Amazon and at other online retailers offering deals.
The Adobe Digital Economy Index projects the total spent online for 2021 Amazon Prime Day will surpass the $10.9 Billion spent by online shoppers on Cyber Monday in 2020. In the rush to score online deals, shoppers will also need to be on the lookout for malicious activity.
The Better Business Bureau issued a warning ahead of this year’s Prime Day, noting phishing scams increase during busy shopping times like Prime Day and Black Friday.
BBB also advised consumers to be on the lookout for ads on social media that may redirect them to scam websites.
“Con artists often create lookalike websites that, at first glance, appear to belong to a trusted retailer,” BBB noted. “But when you look more closely at the URL, you’ll notice that the domain name is slightly different (i.e., Instead of Popularstore.com, the URL might be PopvlarStore.com or PopularStoreOnline.com).”
Check Point Research, the research arm of cybersecurity company Check Point Software, has noticed an increase in suspicious domain names leading up to this year’s Prime Day. Nearly 80% of the more than 2,300 new Amazon-related domains Check Point found were flagged by their team as potentially dangerous.
Three researchers at Check Point, which has a US headquarters in San Carlos, examined new domain registrations containing the word “Amazon'' over the course of a month. They ran the results through their sensors and used machine learning to detect malicious files. A total of 46% of those domains were found to be malicious and 32% were found to be suspicious. Check Point says its researchers were able to find both phishing emails and fake websites which were confirmed to be malicious.
Ekram Ahmed, a spokesperson at Check Point Software, warned against potential ‘domain spoofing.’ “I would triple check emails in the inbox that allege they’re from Amazon [this] week,” he wrote in a news release.
Tips on Prime Day Shopping
Other tips from Check Point researchers on avoiding security risks this Prime Day include:
- Avoid buying something online from a website that doesn’t have secure sockets layer encryption installed. You can verify a site has this by confirming the URL contains HTTPS. An icon of a lock will also be visible, typically to the left of the URL in the address bar. “No lock is a major red flag,” Check Point noted.
- Share the bare minimum when it comes to your personal information during online shopping.
- If you are in a public place during Prime Day, avoid using public WiFi to shop on Amazon. “Hackers can intercept what you are looking at on the web,” Check Point noted.
- Beware of deals that seem too good to be true. “Go with your gut,” Check Point advises. “An 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity.”
- Make purchases with your credit card, if possible. Because debit cards are linked to bank accounts, consumers are at higher risk if their information is hacked.
Tips on Keeping Your Amazon Account Secure
Amazon tells NBC Bay Area it has security measures in place “to ensure accounts and credentials remain secure.” A spokesperson for the company offered the following tips for customers when it comes to account security:
- Choose a strong, unique password for your Amazon account that you don’t use anywhere else
- Add 2-step verification to your account so that you have extra protection if your password is stolen
- Never click on a phone or email message about an Amazon item that you did not purchase. Instead, check the “Your Orders” section of your Amazon account to review your purchases.
- Look closely at the URL of the website you are on. Legitimate websites have a dot before the “Amazon.com” such as https://pay.amazon.com a spokesperson explained
- Don’t fall for phone scams. BBB warned about scams earlier this year from people pretending to be Amazon employees. “Amazon will never contact you first to ask for your password, verification codes, or security question, and we’ll never ask you to disclose or verify sensitive personal information or offer you a refund you do not expect,” the Amazon spokesperson noted.