Amazon.com Inc.’s annual Amazon Prime Day is attracting the interest of hackers attempting to target shoppers.

The annual event, delayed earlier in the year due due to COVID-19 is being actively targeted with emails and SMS text messages that offer fake deals in an effort to trick users into downloading malware or to “phish” their Amazon accounts by appearing to be someone the account owner knows.

Those warnings are reflected in research from Bolster Inc. and Check Point Software Technologies Ltd. Both warn that there has been an alarming increase in the number of registered domains related to Amazon that are malicious. Hackers use fake sites as part of phishing scams.

Shashi Prakash, chief technology officer at Bolster, a company that provides deep learning-powered fraud prevention, told SiliconANGLE that the huge spike in phishing and fraud sites in September is a strong indication that cybercriminals will be active and trying to profit from the Prime Day frenzy. “Shoppers need to stay alert to avoid giving up their personal information or buying products on fraudulent sites for things they will never receive,” he said.

Hank Schless, senior manager, security solutions at mobile security solutions firm Lookout Inc., compared the situation to COVID-19-related scams earlier in the year. “It makes sense that there would be a spike in Amazon-related URLs, especially at a time when online shopping has become the primary way people are purchasing things,” he said.

Brandon Hoffman, chief information security officer at information technology service management company Netenrich Inc., noted that the Prime Day event presents a unique opportunity for cybercriminals because there will be a focus on special deals. “This creates a situation where people may be scrambling to get a special deal on something and may allow them to overlook common suspicious activity,” he said.

In particular, Hoffman said, so-called “malvertising” links for Amazon deals can lead to malware or phishing attempts offering early access or special deals. “Users should exercise caution and operate specifically within the Amazon website or the Amazon apps as opposed to clicking on banner ads or emails unless the email has been vetted or verified,” he said.

Indeed, the holiday volume of emails is an issue, said Steve Durbin, managing director of information security body Information Security Forum explained that the volume of emails is an issue. “Our appetite for information is immense and cybercriminals know this,” Durbin said. “Therefore, there may be attachments or links offering further details or information and encouraging us to click before we think. Very few communications with such links or attachments will be anything other than scams and they should be avoided.”

Image: Amazon