Amazon Prime Day Phishing

Stu Sjouwerman | Jul 11, 2022

Check Point Research (CPR) observed a 37% increase in Amazon-themed phishing attacks during the first week of July, ahead of Amazon Prime Day this week. The emails come in a variety of templates, including one that informs recipients that they’ve recently made an expensive purchase. The user is directed to download an attachment that contains malware. Another email tells users that their payment method needs to be confirmed, and contains a link to a phishing site.

“The team also found approximately 1,900 new domains containing the term ‘amazon’ and 9.5% of these were found to be risky, either malicious or suspicious,” the researchers write. “In the weeks prior to Prime Day 2021, CPR discovered 2,303 new Amazon-related domains with most of them (78%) found to be risky. Our researchers believe that this decrease could partly be explained by cybercriminals not always having the full term ‘amazon’ included in the domain being registered for phishing purposes to avoid detection. Furthermore, these cybercriminals might leverage these domains for a later use, and do not want them to contain content that could be deemed malicious.”

Check Point notes that while the themes of phishing campaigns evolve to address current events, the tactics they use remain largely the same.

“One of the most common techniques used in phishing emails are lookalike or fake domains that appear to be a legitimate or trusted domain at a casual glance,” the researchers write. “For example, instead of the email address boss@company.com, a phishing email may use boss@cornpany.com or boss@compаny.com. The first email substitutes rn for m and the second uses the Cyrillic а instead of the Latin a. While these emails may look like the real thing, they belong to a completely different domain that may be under the attacker’s control.”
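A mail-filter style check for the two substitutions in the quote above, written as an added example (not code from Check Point or KnowBe4). The trusted-domain list and the confusables map are constructed for illustration; the map is a small subset, not the full Unicode confusables table.

```python
import unicodedata

# Constructed allow-list; replace with the domains your organization trusts.
TRUSTED_DOMAINS = {"company.com", "amazon.com"}

# Illustrative subset of confusable sequences mapped to their Latin look-alike.
CONFUSABLES = {
    "rn": "m", "vv": "w", "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c",                 # Cyrillic er, es
}

def to_unicode(domain):
    """Decode punycode (xn--) labels so homoglyphs are visible to the checks."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already contains non-ASCII, or not valid IDNA

def scripts(domain):
    """Set of Unicode scripts used by the letters, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in domain if ch.isalpha()}

def skeleton(domain):
    """Collapse confusable sequences so look-alikes compare equal."""
    s = unicodedata.normalize("NFKC", domain).lower()
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s

def classify(address, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'unknown', or a comma-separated list of findings."""
    domain = to_unicode(address.rsplit("@", 1)[-1].strip().lower())
    if domain in trusted:
        return "trusted"
    findings = []
    if len(scripts(domain)) > 1:
        findings.append("mixed-script")
    for t in sorted(trusted):
        if skeleton(domain) == skeleton(t):
            findings.append(f"lookalike-of:{t}")
    return ",".join(findings) if findings else "unknown"

if __name__ == "__main__":
    # Constructed samples taken from the substitutions described in the quote.
    for addr in ("boss@company.com", "boss@cornpany.com", "boss@comp\u0430ny.com"):
        print(addr.encode("unicode_escape").decode(), "->", classify(addr))
```

Comparing skeletons on both sides means a trusted domain that legitimately contains "rn" or a digit does not flag itself.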

New-school security awareness training can teach your employees to follow security best practices so they can avoid falling for social engineering attacks.

Check Point has the story.
