KnowBe4 Security Awareness Training Blog

Scam Of The Week: Bad Guys Prep For Prime Day Phishing Attacks

Written by Stu Sjouwerman | Oct 10, 2020 2:37:42 PM

Amazon, the world’s largest online retailer, hosts a massive sales event once a year called Prime Day. Usually set in July, the highly awaited two-day event was postponed until October 13th and 14th this year. While you get ready to shop, the bad guys are getting ready to scam you any way they can. A report from Bolster Research shows a large spike in phony websites using the Amazon brand since August. 

One scam site that researchers found uses the deceiving URL www.amazoncustomersupport[.]net. The page is an Amazon lookalike that claims to help with refunds and order cancellations. All you have to do is provide your order number and credit card information—or so they say. In reality, anything you enter on this page is delivered directly to the bad guys.

Another site that researchers found is a phony Amazon loyalty program. The website offers a free iPhone 11 Pro for answering survey questions and playing a game. If you win the game (spoiler: everyone wins!), you’re asked to provide credit card information in order to receive your free iPhone. Of course, you’ll never receive the phone and you’ll start to see some strange charges on that credit card. 

Give your employees, friends, and family a heads up by using the following text (feel free to copy/paste/edit):

Amazon’s massive Prime Day sales event is on October 13th and 14th this year. Bad guys have already created phony Amazon lookalike sites designed to trick people into providing confidential information. 

Follow these tips to shop safely:

  • Go directly to Amazon.com to shop. This is the only way to be sure you are shopping on the real Amazon. 
  • Never trust a link in an email that you were not expecting. Bad guys will be sending sneaky phishing emails that direct you to these phony amazon pages.
  • Look for anything out of the ordinary. For example, Amazon will never ask you to re-enter saved payment information.
  • If it looks too good to be true, it is. The Prime Day event may have some good deals, but not “Free iPhone” good!

If you are a KnowBe4 customer, the information from this blog post will be included in this week’s Scam of the Week email template. To learn how to send this to your users, check out our How to Set Up a "Scam of the Week" Newsletter knowledge base article.

For customers, we also recommend preparing users for these threats by testing them using these templates from our Current Events category:

  • Amazon Prime Day: Special deals and offers for Amazon Prime Day! (Link)
  • Amazon Prime Day: Help with returns and order cancellations (Link)

For more information on how to use these templates, see our Creating and Managing Phishing Campaigns knowledge base article.