It’s been described as Christmas in July for online shoppers. Yet with millions set to log onto Amazon’s Prime Day next week (10th and 11th of July), cybercriminals will be planning to spoil their feast.
Run over Tuesday and Wednesday, Prime Day 2023 is the retailer’s biggest sale of the year and last year saw an estimated £9.4billion1 spent on goods worldwide.
The huge event always attracts more than its fair share of scammers — and with a range of new cons on the market, bargain-hunting Brits need to be alert.
Marijus Briedis, cybersecurity expert at NordVPN, has a rundown of the most popular Amazon scams to be aware of.
- KEYBOARD WORRIER: When the Prime event opens its door just after midnight on Tuesday morning, well-prepared hackers will be looking to profit from any slip-up from enthusiastic shoppers — including spelling mistakes.
As one of the world’s most popular websites, Amazon has been a key target for a scam called typosquatting, where cyber crooks register domain names using a slight variation of the company’s URL code. The criminals will also imitate the main Amazon website, often adding malware to the links to try and steal the credentials of any unwary visitors.
How to avoid: As well as saving popular sites like Amazon to your online bookmarks, searching for Amazon with a search engine should filter out the spoofed sites and ensure the genuine site is the top hit, even if you misspelt it.
- REMOTE CONTROL: Amazon’s sales event is exclusive to shoppers who’ve signed up for a monthly or annual Prime subscription, and this has led to them being targeted by a new cold-calling fraud scam. It involves a subscriber being called by a scammer posing as an Amazon employee informing them their current Prime deal is about to expire or there have been security issues with their account.
In either case, the remedy offered is the same — the customer is instructed to install a piece of remote access software so the caller can then get onto the customer’s account to “solve the issue”. Once downloaded, the hacker has complete access to the account and can wreak havoc, stealing personal information and leaving a trail of malware to do further damage.
How to avoid: If an initial phone call doesn’t ring alarm bells, a company asking for you to download remote software is a definite red flag. Amazon says they would never ask their customers to do this or make a payment outside their platform so you can safely hang up on any caller asking on their behalf.
If you have installed remote access software, quickly disconnect your computer to minimise the damage and then delete the software installation file, which should be at the top of your recent downloads folder, and the application itself.
- DAFT AS A BRUSH: They say you should never look a gift horse in the mouth, but you should certainly question any unexpected gifts that come to you from Amazon. If you haven’t ordered them, it’s not your birthday, and no secret admirer is waiting in the wings, you may have been the victim of “brushing”.
This marketing scam occurs when you are sent unsolicited — and usually cheap-to-ship — items through the post. The aim is for this to be logged as a genuine transaction enabling the seller responsible to boost their sales figures and, critically, write a glowing review of the gift to boost their status on Amazon’s marketplace.
How to avoid: If you’ve received a mystery package like this it means that the scammer has at least your name and address so it’s worth changing your account’s password and setting up two-factor authentication. File a complaint with Amazon online as they may be able to take action against the seller.
- TEXTUAL STEALING: Fake delivery scams flourish in peak shopping times like Christmas — and in the last few years they have also increased around Prime Day. Regular Amazon consumers will be used to receiving notifications about their orders from the retailer so it is easy for a hacker to set the bait for a convincing hoax.
These will come in the shape of a text message, which may carry the Amazon logo, a short message and a fake link. Once clicked this could deliver malware or simply alert the scammer so they can follow up with further messages to try to extract money or information from you.
How to avoid: While extremely credible at first glance, many of these SMS or “smishing” scams can be easily identified if you know where to look. Scan the message for any grammar or spelling mistakes and check where the message came from. Amazon texts usually come from a short source code of no more than seven digits, so treat any from standard mobile numbers as suspicious. Links that route to a non-Amazon site are another telltale sign of a fraud attempt.
- PUSHING THEIR LOCK: One of the common ways online scammers can lure their victims is, ironically, by playing on their cybersecurity fears. A well-known example is a phishing attempt where an Amazon account holder will be sent an email telling them that, as a precaution against fraud, their account has been locked. The message will typically ask the recipient to enter their login details (directly or via an attached link) to verify their account. It may even claim that there has been an illegal attempt to access it and that, only by confirming your password, can you regain control.
How to avoid: As with the delivery scam, this fraud trades on Amazon’s well-known status and — in the run-up to Prime Day — the eagerness of some shoppers to make sure nothing stands in their way of bagging a deal. If you receive a message claiming to be from the company, do not click on any links. Only log into your account by visiting Amazon directly through your web browser — if there are genuine security issues, there will be a message for you under your profile.
