Cos we are nearing that time of the year when global sales events and massive discounts will attract hordes of hackers!
Amazon is offering more than one million deals through a 48-hour period beginning October 13. Just as some anxious groups of Prime members are rushing to find best buys on the retail platform, so are the hackers.
In the weeks leading up to the event, researchers had conducted an analysis of cyber threats related to Prime Day and had found an alarming increase in the number of malicious registered domains. In those 30 days, there was a 21% increase in phishing domains registered with the word “Amazon”, compared to the previous month. More than a quarter (28%) of those domains have been found to be malicious and another 10% suspicious.
Furthermore, the number of domains registered containing the words “Amazon” and “Prime” has doubled within the last 30 days, with 20% of those domains being malicious.
Hackers imitate trusted e-commerce websites to lure consumers into keying-in their most sensitive data, such as their credit card information, names, birthday, email and physical addresses, and other details, into the hacker’s malicious site. Armed with that data, hackers can either go on a spending spree of their own using the victims’ card details, or sell on those details to other criminals.
How to stay safe online
According to the researchers from Check Point, follow these practical security and safety tips and you will likely stay safe while shopping:
- Watch for misspellings of “Amazon.com”. Beware of misspellings or sites using a different top-level domain other than “Amazon.com”—for example, a “.co” instead of “.com” suffix. Deals on these copy-cat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
- Look for the lock. Avoid buying something online using your payment details from a website that does not have secure sockets layer (SSL) encryption installed. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag.
- Share the bare minimum. No online shopping retailer needs your birthday or social security number to do business. The more hackers know, the more they can hijack your identity. Always maintain the discipline of sharing the bare minimum when it comes to your personal information.
- Create a strong password. Once a hacker is inside your account, it is game over. Make sure your password for all your e-shopping platforms are unique and uncrackable, well before entering into any 11/11 or 12/12 deals.
- Do not go public. If you find yourself at an airport, a hotel or your local coffee shop, please refrain from using their public wi-fi to shop on Prime Day or other major e-sales days. Hackers on such networks can intercept emails, payment details, browsing history or passwords.
- Beware of “too good to be true” bargains. This will be tough to do, as Prime Day and other sales events are all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity.
- Stick to credit cards. During Prime Day, it is best to stick to your credit card. Because debit cards are linked to our bank accounts, we are at much higher risk if someone is able to hack our information. If a card number gets stolen, credit cards offer more protection and less liability.
The firm’s Data Threat Researcher Omer Dembinsky commented: “We’re sounding the alarm bells, as we’re seeing unusually-high surges of malicious domains attempting to imitate the e-commerce giant at this time. Before Amazon Prime Day, create a strong password, don’t overshare personal details on your profile, and watch for any misspelling of Amazon.com as you shop from page to page. On Amazon Prime Day, triple check if you are actually on Amazon.com. The revelation is clear: as consumers gear up for Prime Day, so are hackers. One wrong click can lead to all your personal information getting out there.”