Amazon Prime Day Phishing



Amazon Prime Day PhishingCheck Point Research (CPR) observed a 37% increase in Amazon-themed phishing attacks during the first week of July, ahead of Amazon Prime day this week. The emails come in a variety of templates, including one that informs recipients that they’ve recently made an expensive purchase. The user is directed to download an attachment that contains malware. Another email tells users that their payment method needs to be confirmed, and contains a link to a phishing site.

“The team also found approximately 1,900 new domains containing the term ‘amazon’ and 9.5% of these were found to be risky, either malicious or suspicious,” the researchers write. “In the weeks prior to Prime Day 2021, CPR discovered 2,303 new Amazon-related domains with most of them (78%) found to be risky. Our researchers believe that this decrease could partly be explained by cybercriminals not always having the full term “amazon” included in the domain being registered for phishing purposes to avoid detection. Furthermore, these cybercriminals might leverage these domains for a later use, and do not want them to contain content that could be deemed malicious.”

Check Point notes that while the themes of phishing campaigns evolve to address current events, the tactics they use remain largely the same.

“One of the most common techniques used in phishing emails are lookalike or fake domains that appear to be a legitimate or trusted domain at a casual glance,” the researchers write. “For example, instead of the email address boss@company.com, a phishing email may use boss@cornpany.com or boss@compаny.com. The first email substitutes rn for m and the second uses the Cyrillic а instead of the Latin a. While these emails may look like the real thing, they belong to a completely different domain that may be under the attacker’s control.”

New-school security awareness training can teach your employees to follow security best practices so they can avoid falling for social engineering attacks.

Check Point has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Topics: Phishing



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews