
Amazon Prime Day leads to spike in phishing attempts

October 12, 2020

Ahead of Amazon Prime Day, a highly anticipated two-day online event, Bolster Research analyzed hundreds of millions of web pages and tracked the number of new phishing and fraudulent sites using the Amazon brand and logos. The researchers observed a spike in the number of new monthly phishing and fraudulent sites created using the Amazon brand since August, the most significant since the COVID-19 pandemic forced people indoors in March.

Shashi Prakash, CTO of Bolster, says, "The huge spike in phishing and fraud sites in September is a strong indication that cybercriminals will be active and trying to profit from the Prime Day frenzy. Shoppers need to stay alert to avoid giving up their personal information or buying products on fraudulent sites for things they will never receive. The best way shoppers can protect themselves is by understanding how to discern safe, secure activity from concerning warning signs that sites are fraudulent to avoid scams."

“Are you ready for another wave of phishing and online fraud? Because it’s coming and you can hardly miss it, thanks to Amazon’s ubiquitous promotion of Prime Day. It won’t be Amazon doing the scamming—it will be the same folks who take advantage of every other thing that excites us, scares us, or moves us to flock online in droves,” says Tom Pendergast, Chief Learning Officer at MediaPro, a Seattle, Washington-based provider of cybersecurity and privacy education. “Just like we see during other times of the year, including tax time, elections, and the steady tick of coronavirus news, Amazon’s Prime Day will prompt cybercriminals to set up all manner of traps for people whose (rightful) enthusiasm outstrips their skepticism.”

Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, notes that Amazon Prime Day(s) represents a unique opportunity for cybercriminals because there will be a massive focus on special deals. "This creates a situation where people may be scrambling to get a special deal on something and may allow them to overlook common suspicious activity. Another consideration is that Amazon security teams will likely be on high alert for fraudulent activity but that may overshadow some other standard areas of focus leaving a blindspot for less overt tactics against Amazon directly. Specifically malvertising links for Amazon deals that lead to malware or phishing attempts offering early access or special deals."

Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says, “We saw a massive spike in COVID-19-related scams when the pandemic first broke out. So it makes sense that there would be a spike in Amazon-related URLs, especially at a time when online shopping has become the primary way people are purchasing things.”

At the start of the pandemic, Schless says Lookout observed a 37% increase in mobile phishing attempts. Most of these attempts were directly tied to COVID by posing as relief funds, medical updates, or entertainment for life in isolation. 

"People shop on their smartphones and tablets more than ever before. Threat actors know that. We receive messages about new deals and shipping updates through SMS and social media platforms all the time. Phishing campaigns based on something like Prime Day are built to mimic those communications. We’re programmed to interact quickly with notifications on our mobile devices," Schless adds. "It also doesn’t help that mobile devices have smaller screens and simplified user experience that makes it more difficult to spot many of the red flags that would usually warn us of a phishing attack. I’ve seen mobile-specific phishing campaigns recently where they target users with fake SMS messages pretending to be their local package delivery service. When the user taps the link in the message, they’re asked to identify themselves by entering their credit card number or other personal data."

Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management, says, “These days, we are all overwhelmed by emails from different organizations providing offers that ‘we can’t refuse’. Our appetite for information is immense and cybercriminals know this. Therefore, there may be attachments or links offering further details or information and encouraging us to click before we think. Very few communications with such links or attachments will be anything other than scams and they should be avoided.”

So, how can users protect themselves, their data and their money during this event?

Ray Kelly, principal security engineer at WhiteHat Security, a San Jose, Calif.-based provider of application security, notes, “Social engineering remains a common method for attackers. Humans are often the weakest link in the security chain. Proper training and employing services that test human exposure to social engineering attacks, such as phishing, can be vital to help prevent someone from becoming the next victim.”

"Always think before you click. Take a moment to ask yourself, does this look like a real email? If it has an embedded link or attachment, those are the first things that should set off warning signals," Durbin notes. "Is this a site that you’ve seen before? It is far better to use a well-known brand or one you or colleagues, family, or friends have used in the past. These are questions you need to ask yourself."

Schless says, "To protect yourself from mobile phishing attacks, you should never tap a link from a number or person you don’t recognize. If possible, contact the sender and validate the communication before interacting with the link. If you do tap one of these links, read the full URL in the browser. Phishing sites often use URL spoofing to look like the Amazon website, for example, but when you view the full URL it’s actually something very different. You should also protect your phone and your personal data by using a mobile security app that offers phishing protection. Not only will this keep your personal data safe, but it also helps protect any work data you access from your personal smartphone, tablet, or Chromebook."

"Users should exercise caution and operate specifically within the Amazon website or the Amazon apps as opposed to clicking on banner ads or emails, unless the email has been vetted or verified," says Hoffman. "Corporate users who casually browse or shop on their devices may have the benefit of security controls implemented by a security team. However, if corporate users happen to unwittingly bypass those controls the damage will be much more significant than a home user. The most important thing users should keep in mind is to work directly on Amazon sites and apps and email confirmed to be direct from Amazon. These basic considerations should help most users avoid an unnecessary unfortunate situation."

Matt Rose, Global Director of Application Security Strategy, Checkmarx, says, “The delay of this year’s Amazon Prime Day carries large-scale security implications, as cybercriminals have now had ample time to create more sophisticated, targeted campaigns than in years past, such as phishing and crypto-style attacks. Additionally, a record volume of shoppers are expected to take part in Amazon’s Prime Day this year, with COVID-19 creating an increased reliance on e-commerce and the timing of this year’s event falling right before the holidays. This has the potential to be a recipe for disaster, as attackers recognize that their schemes can be cast amongst a wide net of victims."

"With this, and Verizon’s 2020 Data Breach Investigations Report finding that vulnerable web applications are the main cause of retail data breaches, Amazon Prime Day and the upcoming holiday season more broadly should serve as a reminder that all e-commerce brands should prioritize the security of the apps and software to create a safe online shopping experience for customers. Brands who are developing and deploying new web and mobile applications must conduct early and regular security tests throughout the software development lifecycle. For those with applications already in-market, regular security scans should be conducted on a predictive and consistent basis by leveraging automation of AST technologies to uncover new software flaws that may arise, especially when dealing with open source code, with timely patches and updates released accordingly. Additionally, taking a microscope to API integrations is critical to ensure that third-party vendors and software providers are employing the same security standards that your organization expects," says Rose. 

Rose adds, "At the end of the day, it’s important for e-commerce brands to remember that it’s not just their infrastructure they’re protecting, but also the data of their trusting and loyal customers. On the flip side, it’s equally important for consumers to elevate their security awareness around Prime Day and the holiday shopping season. As they rush to take advantage of lightning and flash sales and secure the hottest gifts of the year, it’s important to pause, ensure you’re shopping from a trustworthy vendor and through a reliable application, and that you aren’t inadvertently purchasing an item with known, or potential, security flaws. Before clicking ‘buy,’ ask yourself if this is really something you need and if the convenience pros for something like an IoT device outweigh the potential privacy cons.”

 
