Online sales specials — such as Amazon Prime Day — draw millions of consumers for limited-time offers. But often buyers and cybercriminals expect to score big, but not for the same reasons.
Last year, Bolster Research analyzed millions of web pages and tracked the number of new phishing and fraudulent sites using the Amazon brand and logos. It's common for cybercriminals to target victims by leaning into holidays and current events to steal money and personal information like your email, address, name, and passwords. Impersonation phishing is flagged heavily around tax season and has made a large impact during the COVID-19 pandemic.
How does this impact your online shopping?
If you receive an email with a deal that seems too good to be true, it probably is. Impersonation attackers study legitimate organization's websites and emails to replicate deceiving content. For example, a Prime Day email with super-low deals is sure to catch your eye, but you should avoid clicking any links before you check the signs of phishing. If it passes the test but you are still uncertain, it is best to report and delete the email. To find the deal, you should search the product on the official website with a trusted browser, device, and network.
What’s the risk of this scam?
- You can engage with a malicious link or file that will corrupt your device or share stored information.
- A bad link can take you to an unofficial website that requests login information. Once provided, attackers have your account credentials with full access.
- If you complete a purchase, it is likely that a product will never arrive, and you are out of the money.
- With all of these outcomes, your information and identity are put at risk.
Protecting your information goes beyond browsing
Online sales are often a good time to save on technology and household gadgets, but before you buy, you should consider their impact. Smart lightbulbs, home speakers, door locks, and more are all considered IoT or internet of things devices. While having them is extremely convenient, they collect a hefty amount of data on you. You should not purchase the gadget just because of the deal, consider if the convenience is worth your privacy.
How do you pick safe IoT?
- Check the reviews – This ensures that the product works as described and is worth your money. This includes reading about the company’s security practices, especially if it is one you have never heard of.
- Research the device’s privacy settings - A quick Google search can tell you the default security settings and what data is collected.
- Routinely audit what you use – At this point, having some IoT devices in the home is inevitable. It is important that you keep track of what devices are connected and linked to others with stored data.
- Read more about how to protect your IoT devices.
More security awareness information can be found at uab.edu/phishing.