During the first few days of July, Check Point Research (CPR) has witnessed a 37% increase in daily Amazon-related phishing attacks compared to the daily average last month.
On 12 July, the retail giant will kick off its annual shopping extravaganza 'Prime Day' which promises cash savings and special offers on goods. With online shoppers keeping their eyes on Amazon for upcoming surprises, cyber criminals are also gearing up to exploit the excitement.
Keeping a close eye
While Amazon-related phishing happens throughout the year, there is always an increase in activity around Prime Day. CPR is monitoring cyber threats related to the day, both in the weeks leading up to it and during the event itself.
Over and above the increase in phishing scams, CPR found around 1 900 new domains containing the term ‘amazon’ and 9.5% of these were found to be risky, either malicious or suspicious.
CPR says e-mails are the most common vehicle used by phishers to deliver malware or steal private information. “Bad actors use a wide range of techniques to make their malicious e-mails look legitimate but if you are aware of these techniques, you will be able to identify, and avoid phishing attacks," says CPR.
“Never do what a phisher wants. If there is a suspicious link, attachment, or request for a reply don’t click, open, or send it.”
Next, CPR says to report the e-mail to IT or the security team. “Phishing attacks are commonly part of distributed campaigns, and just because you caught the scam doesn’t mean that everyone did. Report the e-mail to the IT or security team so that they can start an investigation and perform damage control as quickly as possible.”
Finally, delete the suspicious e-mail from the inbox to reduce the chance of accidentally clicking on it in the future.
Effective, easy
- Fake domains
One of the most common techniques used in phishing e-mails are lookalike or fake domains that appear to be legitimate or trusted at a casual glance.
- Incorrect grammar or tone
Often, phishing e-mails are not written by people fluent in the language, and thus contain grammatical errors or spelling mistakes. Similarly, beware of e-mails with the wrong tone or voice, because companies, colleagues, and suchlike, talk and write in a certain way.
- Unusual attachments
A common goal of phishing e-mails is to trick the recipient into downloading and running attached malware on their computer. For this to work, the e-mail needs to carry a file that is capable of running executable code, which means phishing e-mails may have unusual or suspicious attachments such as ZIP files or a Microsoft Office document.
- Psychological tricks
Phishing e-mails are designed to convince the recipient to do something that is not in their best interests and to accomplish this, phishers commonly use psychological tricks in their campaigns, such as a sense of urgency, use of authority, or fear and blackmail.
- Suspicious requests
Phishing e-mails are designed to steal money, credentials or other sensitive information. If an e-mail makes a request or a demand that seems unusual or suspicious, then this might be evidence that it is part of a phishing attack.
Share