Fraud Attack

Cybercriminals Use Prime Day As Phishing Bait

Cybercriminals have created a new, realistic-looking phishing campaign targeting Amazon Prime customers, which not only gains access to a customer’s account, but could also infect their computer or mobile device with malware.

Mass emails that appear to come from Amazon are being sent out, thanking customers for making purchases on Amazon’s Prime Day in July. The emails then invite recipients to go to the Amazon website to “write a review” in order to receive a special $50 bonus credit.

Once the link in the email is clicked on, though, the recipient is routed to a clone of the Amazon site. If the customer goes on to enter their username and password, a cybercriminal can then gain access to their account. It is also possible that, through the phishing campaign, malware could be installed on the computers or mobile devices being used to access it.

Flipboard received a copy of the email, which also contains manual instructions in case a recipient doesn’t click on the link. The manual instructions still leads to the bogus site and is unsafe for the recipient.

The safest way to deal with an email allegedly from Amazon Prime regarding Prime Day is to skip the included link and instead type the online retail giant’s web address directly into your browser. After logging in, you can then contact customer service with any questions. And, if you receive a suspicious email, contact Amazon using the instructions on the site’s report-phishing page.

Last year, phishing cyberattacks hit a new record, with the total number of phishing attacks at 1,220,523 — a 65 percent increase over the number of cyberattacks recorded in 2015.

“Phishing is an attack that relies primarily on fooling people, rather than highly sophisticated technical implementations,” said APWG Senior Research Fellow and iThreat VP Greg Aaron. “For that reason, phishing remains both popular and effective.”


Latest Insights: 

The Payments 2022 Study: Building A High-Performance Payments Team For Fraud Detection, a PYMNTS collaboration with Stripe, examines how digital platforms of all sectors and sizes plan to develop their anti-fraud teams as part of their their broader growth and development strategies. Drawing from an extensive survey from approximately 250 payments heads at digital platforms in the U.S. and abroad, our study analyzes how poor anti-fraud capabilities can harm platforms’ long-term growth strategies, and how they can build high-performing teams to tackle these challenges.


To Top