Amazon Prime Day Phishing on the way

Amazon Prime Day, the e-retail giant’s two-day festival of promotions, special deals and discounts, is right around the corner, expected to launch on June 21st. Shoppers are eager and already seeking the web for the one time offers and deals that are traditionally breaking grounds and records in online shopping. Threat actors and hackers are already on the field, spreading malicious content and gearing up to leverage their own “special deals” on these online days.

Researches have found alarming signs of malicious and suspected domains being erected, which are expected to lure eager online shoppers in various phishing campaigns to steal credentials, and gain unauthorized access to funds and financial transactions.

Alarm over Domain Registrations

In the previous Amazon Prime Day period, during October 2020, 28% of domains registered containing the word “Amazon”, were found to be malicious and another 10% suspicious.20% of domains registered containing the words “Amazon” and “Prime” were found to be malicious.

2,303 new Amazon-related domains were registered in last one month, compared to 2137 in 2020. However, this year, almost half (46%) of those domains have been found to be malicious and another 32% suspicious. As for new Amazon Prime’s related domains, there were 32% malicious sites.

Impersonation of the “Amazon Team”

Below is an example our researchers found of a phishing mail which seems like it was sent from “Customer Service”, but from looking on the email address it’s clearly understood that it’s phishing (admin@fuseiseikyu-hl[.]jp). The attacker was trying to lure the victim to click on a malicious link, which redirects the user to http://www[.]betoncire[.]es/updating/32080592480922000 – The link is inactive. Subject: Mail sent from Amazon:Wednesday, June 2, 2021 (GMT+10)