New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

Threat Actors Taking Advantage of Prime Day Shoppers

Amazon is gearing up for its annual Prime Day event which is being held this year on June 21st and June 22nd. This has been an invitation in the past for attackers to take advantage of shoppers looking for a deal, and it looks like nothing will change this year. Researchers at Check Point have observed a 10% increase in registered domains using “Amazon”, with 2,137 in 2020 and now 2,303 in 2021. The most disturbing fact is that nearly 50% of the new domains using Amazon are malicious, with a third are deemed suspicious. Threat actors are creating targeted phishing emails that are attempting to get Amazon customers to visit fake domains. Check Point researchers provided an example of one of the phishing messages that have been circulating.

 class=
Phishing example, using Amazon logo coming from “Amazon Team”

A fake site for the Japanese Amazon page was also observed by researchers. Amazon has not made a statement regarding the uptick in malicious domains.

Analyst Notes

Check Point has released a list of steps users should take to avoid Prime Day scams; those can be found below, with some edits from Binary Defense.

1. Watch for misspellings of Amazon.com. Beware of misspellings or sites using a different top-level domain other than Amazon.com. For example, a .co instead of .com. Deals on these copy-cat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
2. Look for the lock. Avoid buying something online using your payment details from a website that does not have TLS (often referred to as the older technology SSL) encryption configured. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock on a shopping site is a major red flag. A fake lock icon (somewhere in the page itself or the site title) is an even more severe indicator that a site could be malicious.
3. Share the bare minimum. No online shopping retailer needs your birthday or social security number to do business. The more hackers know, the more they can hijack your identity. Always maintain the discipline of sharing the bare minimum when it comes to your personal information.
4. Always note the language in the email. Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they’re in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
5. Before Prime Day, create a strong password for Amazon.com. Set up Multi-Factor Authentication (MFA) for your Amazon.com account. Once a hacker is inside your account, it is game over. Make sure your password for Amazon.com is uncrack-able, well before June 21.
6. Don’t go public. If you find yourself at an airport, a hotel or your local coffee shop, please refrain from using their public wi-fi to shop on Amazon Prime Day. Hackers can intercept what you are looking at on the web. This can include emails, payment details, browsing history or passwords.
7. Beware of “too good to be true” bargains. This will be tough to do, as Prime Day is all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity.
8. Stick to credit cards. During Prime Day, it’s best to stick to your credit card. Because debit cards are linked to our bank accounts, we’re at much higher risk if someone is able to hack our information. If a card number gets stolen, credit cards offer more protection and less liability.

https://blog.checkpoint.com/2021/06/16/cybercriminals-go-after-amazon-prime-day-shoppers/?web_view=true