Malicious domains

Prime Day: Beware of fake Amazon websites

Amazon's Prime Day brings scammers onto the scene.

(Bild: ©dennizn - stock.adobe.com)

As part of its Prime Day, Amazon is once again enticing customers with numerous offers and promotions on July 16 and 17. Last year, more than 375 million items were sold worldwide on the bargain days. This attracts fraudsters who try to lure consumers to fake websites. 

The IT security provider Check Point Software warned of this in a press release on Tuesday. According to the report, more than 1230 new Amazon-related domains were registered in June, 85 percent of which were classified as "malicious" or "suspicious" after closer analysis. One of 80 new Amazon domains classified in this way contained the term "Amazon Prime".

The company cites the following domains as specific examples of malicious and fake Amazon websites:

• amazon-onboarding[.]com is a newly registered fraudulent website designed as a phishing site pretending to be Amazon. It specifically targets airline login credentials.
• amazonmxc[.]store is a fake Amazon Mexico website designed as a replica of amazon.com.mx. It has a profile login button in the upper right corner that, when clicked, requests users' credentials.
• amazonindo[.]com is a fraudulent Amazon website. In the upper right corner is a profile login/registration button that collects the user's credentials.

Other domains with malicious code include the following:

• shopamazon2[.]com
• microsoft-amazon[.]store
• amazonapp[.]nl
• shopamazon3[.]com
• amazon-billing[.]top
• amazonshop1[.]com
• fedexamazonus[.]top
• amazonupdator[.]com
• amazon-in[.]net
• espaces-amazon-fr[.]com
• usiamazon[.]com
• amazonhafs[.]buzz
• usps-amazon-us[.]top
• amazon-entrega[.]info
• amazon-vip[.]xyz
• paqueta-amazon[.]com
• connect-amazon[.]com
• user-amazon-id[.]com
• amazon762[.]cc
• amazoneuroslr[.]com
• amazonw-dwfawpapf[.]top
• amazonprimevidéo[.]com

How you can protect yourself
The security researchers have compiled the following seven practical security and protection tips to help consumers protect themselves when shopping online:

1. Check URLs carefully: Look out for spelling mistakes or websites that use a different top-level domain (e.g. .co instead of .com). These fake websites look trustworthy but are designed to steal data.
2. Create secure passwords: Before Prime Day, create a strong and hard-to-crack Amazon account password to ensure account protection.
3. Pay attention to HTTPS: Ensure the website URL begins with https:// and contains a padlock symbol indicating a secure connection.
4. Limit personal information: Do not give unnecessary personal information such as date of birth or social security number to online retailers.
5. Bewareof emails: phishing attacks often use intrusive language to get people to click on links or download attachments. Always check the source.
6. Be skeptical of unrealistic offers: If an offer sounds too good to be true, it probably is. Trust your instincts and avoid dubious offers.
7. Use credit cards: When shopping online, use credit cards rather than debit cards as they are better protected and carry less liability in the event of theft.