Amazon Prime Day Draws Out Cyber Scammers

Cybercriminals lining up to score off Amazon Prime Day shoppers, who spent more than $22B in US online sales alone last year, according to estimates.

Amazon Prime Day ad taped to a shipping box
Source: Prashanth Bala Ramachandra via Alamy Stock Photo

Amazon Prime Day runs from July 11-12, but scammers have already started to capitalize on the worldwide shopping event, which promises exclusive deals for a short time only.

In the days leading up to the Amazon Prime Day sale, cybersecurity experts are already warning they have seen an uptick in malicious activity aimed at both shoppers and retailers.

Trend Micro has been monitoring the rise in cybercrime in the lead-up to Amazon Prime Day, and observed a more than 33% increase in Amazon scams in the week beginning June 28 and running through July 4, compared to the previous week's activity. The Trend Micro team warned that there has also been a jump in DHL-themed shipping scams, aimed mostly at shoppers in Arizona, California, Florida, Oklahoma, and Pennsylvania — it's unclear if that's a related phenomenon.

Currently Trend Micro is tracking an Amazon Prime Day-themed SMS-text phishing lure asking shoppers to click a malicious link to fix an issue with their account, claim a gift card, or receive free shipping and other deals, prompting targets to share details like emails, phone numbers of other personal information, the company said.

"Scammers love online shopping customers as they can utilize many holidays — in this case Amazon Prime Day — whereby consumers look to get even better deals than they normally would,” Trend Micro's vice president of threat intelligence, Jon Clay, said in a statement provided to Dark Reading. "With Amazon Prime's popularity, we continue to see scams targeting this shopping event increase each week until and shortly after Prime Day occurs."

Shopper Bots Swarm Back for Prime Day

Besides scamming shoppers, experts including Antoine Vastel, head of research at DataDome, have been tracking the ramp up of bad bot activity, which, heading into Amazon Prime Day, currently accounts for about 30% of all website traffic, he said.

These retail bots are poised to snap up popular items quickly, so they can be re-sold at a markup. At the beginning of the year, Ticketmaster blamed similar shopper bots for buying up Taylor Swift concert tickets, enraging her army of fans and prompting the Senate to hold Judiciary Committee hearings.

Vastel pointed out in a statement provided to Dark Reading that Adobe Analytics pegged last year's Amazon Prime Day sales at $22.4 billion in sales in the US, with nearly $12 billion of that being earned in the single 48-hour Amazon Prime Day window.

"Huge sales like Prime Day represent a lucrative opportunity for retail arbiters to get their hands on hot ticket items for less, only to resell them for profit elsewhere," Vastel said. "For online retailers facing similar challenges, this is bad news: the mass numbers of bots used in scraping can slow their website down significantly, remove their competitive edge, and overall reduce revenue."

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights