Fraud Attack

Cybercriminals Use Prime Day As Phishing Bait

Cybercriminals have created a new, realistic-looking phishing campaign targeting Amazon Prime customers, which not only gains access to a customer’s account, but could also infect their computer or mobile device with malware.

Mass emails that appear to come from Amazon are being sent out, thanking customers for making purchases on Amazon’s Prime Day in July. The emails then invite recipients to go to the Amazon website to “write a review” in order to receive a special $50 bonus credit.

Once the link in the email is clicked on, though, the recipient is routed to a clone of the Amazon site. If the customer goes on to enter their username and password, a cybercriminal can then gain access to their account. It is also possible that, through the phishing campaign, malware could be installed on the computers or mobile devices being used to access it.

Flipboard received a copy of the email, which also contains manual instructions in case a recipient doesn’t click on the link. The manual instructions still leads to the bogus site and is unsafe for the recipient.

The safest way to deal with an email allegedly from Amazon Prime regarding Prime Day is to skip the included link and instead type the online retail giant’s web address directly into your browser. After logging in, you can then contact customer service with any questions. And, if you receive a suspicious email, contact Amazon using the instructions on the site’s report-phishing page.

Last year, phishing cyberattacks hit a new record, with the total number of phishing attacks at 1,220,523 — a 65 percent increase over the number of cyberattacks recorded in 2015.

“Phishing is an attack that relies primarily on fooling people, rather than highly sophisticated technical implementations,” said APWG Senior Research Fellow and iThreat VP Greg Aaron. “For that reason, phishing remains both popular and effective.”



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.