Amazon Prime Day: a buyer’s guide to avoiding phishing campaigns

by | Jul 10, 2023

AMAZON PRIME DAY IS JUST AROUND THE CORNER  

Amazon Prime Day, a highly anticipated event for online shoppers, presents a prime opportunity for cybercriminals to exploit unsuspecting users. The year 2023 is no exception, as we witness a surge in phishing campaigns that aim to deceive users and steal their valuable credentials. These campaigns employ traditional phishing methods, such as: 

This article sheds light on the growing cyber risks coinciding with online shopping deal days and emphasizes the need for vigilance and caution when navigating the online shopping landscape on Amazon Prime Day and beyond. Read on for a deep dive into the four main phishing campaigns Bolster researchers have been tracking.

PDF-BASED PHISHING CAMPAIGNS

One prevalent method employed by cybercriminals during Amazon Prime Day promotions involves the use of PDF files as attachments. These files bear innocent-sounding names like “Amazon Prime Learning English Recommendations” or “Axis Bank Credit Card Amazon Prime Offer,” designed to appear legitimate.  

However, upon opening the PDF, unsuspecting users are directed to phishing websites meticulously crafted to mimic the official Amazon login page. The attackers employ AI-generated text, such as ChatGPT-generated content, to make the phishing sites look convincing.

 

Naive users who click on the links within the PDF unknowingly provide their credentials to the attackers. 

EMAIL-BASED SPEAR-PHISHING CAMPAIGNS

A particularly alarming campaign has recently emerged involving phishing links embedded directly within emails along with a docx file containing a trojan. This massive spear-phishing campaign is rapidly growing, with hundreds of users falling victim to it every day.

The emails are skillfully designed to resemble legitimate communications from Amazon, enticing users to take immediate action. For instance, subject lines like “Cancel Your Amazon Prime Membership Before the Annual Renewal” trigger a sense of urgency.  

As in any spear-phishing attack, there is a two-pronged approach. First, opening the attached docx file unleashes trojan malware hidden inside the seemingly harmless document; the malware infiltrates the victim’s system and grants attackers unauthorized access. From there, the attackers can compromise sensitive information, monitor activities, or even gain control over the infected device.

Additionally, clicking on the provided links takes users to fraudulent websites closely resembling the official Amazon page. If a user enters their credentials, they unknowingly hand them over to the attackers. 

MALICIOUS APPLICATIONS IMPERSONATING AMAZON APPS

In addition to the PDF and email-based phishing campaigns, cybercriminals are capitalizing on the widespread use of mobile devices for online shopping. They create malicious applications that closely mimic legitimate Amazon apps, exploiting users’ trust in well-known brands. 

These deceptive applications request excessive permissions, such as recording audio, sending SMS messages, accessing precise location, accessing the camera, and reading contact data. Once installed, these malicious apps gain unauthorized access to users’ devices, compromising their privacy and potentially leading to data theft. 

BUILDING LOOKALIKE DOMAINS

Another concerning trend observed is the proliferation of lookalike domains. Attackers continue to create websites that closely resemble official Amazon domains, intending to deceive users into sharing their sensitive information.

These domains may be used in future phishing campaigns and pose a significant threat to unsuspecting Amazon buyers. In 2023, just a few days before Amazon Prime Day, the number of lookalike domains increased by 12.5% from the previous year, reaching a count of 1,800.
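A triage check for the lookalike pattern described above, as an added example (not code from this article or from Amazon). The allowlist, the two-part suffix table standing in for the Public Suffix List, and the one-edit threshold are assumptions chosen for illustration.

```python
import re

BRAND = "amazon"
# Assumption: illustrative, incomplete allowlist of brand-owned registrable domains.
OFFICIAL = {"amazon.com", "amazon.co.uk", "amazon.de", "amazon.co.jp"}
# Assumption: tiny stand-in for the Public Suffix List.
TWO_PART_SUFFIXES = {"co.uk", "co.jp", "com.au"}

def refang(host):
    """Normalise a possibly defanged hostname: 'a[.]b' -> 'a.b', lower-cased."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def registrable(host):
    """Return the registrable domain (label plus public suffix) of a hostname."""
    parts = host.split(".")
    n = 3 if ".".join(parts[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(parts[-n:])

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def classify(host):
    """Return 'official', 'lookalike' or 'unrelated' for one hostname."""
    host = refang(host)
    if registrable(host) in OFFICIAL:
        return "official"
    # Brand embedded anywhere: prefix, suffix, hyphen-split, or used as a subdomain.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    # Near-miss spellings: any token within one edit of the brand name.
    if any(edit_distance(t, BRAND) <= 1 for t in re.split(r"[-.]", host)):
        return "lookalike"
    return "unrelated"

def triage(hosts):
    """Map each input hostname to its classification."""
    return {h: classify(h) for h in hosts}

# First three entries appear in this article's list; the rest are constructed samples.
SAMPLE = ["prime-amazon[.]live", "amazone-jp[.]buzz", "amazon-secure[.]top",
          "www.amazon.com", "amazon.com.login.example.net",
          "amaz0n-deals.example", "example.org"]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {host}")
```

A substring match also flags unrelated sites that happen to contain the brand string, so treat the output as a review queue for mail and proxy logs, not as a blocklist.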

This is a list of 170 domains that will likely be used in future phishing attacks related to Amazon Prime Day. The domains resemble legitimate websites but are still under construction. 


BUYERS BEWARE – TIME FOR VIGILANCE

The rise in phishing campaigns targeting busy shopping events, like Amazon Prime Day, demands increased awareness and proactive measures. Stay vigilant against PDF-based attacks, be cautious of suspicious emails, and verify the legitimacy of websites before sharing sensitive information. Furthermore, download apps only from official sources and review app permissions to ensure your privacy and security. Remember, cyber attackers are actively exploiting this time of increased online activity, but with awareness and caution, you can protect yourself and have an enjoyable shopping experience during Amazon Prime Day.
