{"id":12815,"date":"2018-07-16T12:40:51","date_gmt":"2018-07-16T20:40:51","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/07\/16\/news-6582\/"},"modified":"2018-07-16T12:40:51","modified_gmt":"2018-07-16T20:40:51","slug":"news-6582","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/07\/16\/news-6582\/","title":{"rendered":"A primer: How to stay safe on Amazon Prime Day"},"content":{"rendered":"

Credit to Author: Jovi Umawing| Date: Sun, 15 Jul 2018 17:34:53 +0000<\/strong><\/p>\n

Bank card\u2014check!<\/em><\/p>\n

Shopping list\u2014check!<\/em><\/p>\n

Lumbar back support pillow\u2014check!<\/em><\/p>\n

Noise canceling headphones\u2014check!<\/em><\/p>\n

And, of course, coffee\u2014check!<\/em><\/p>\n

If you\u2019re an Amazon shopper, then you know by now that Prime Day<\/a> is nigh!<\/p>\n

And if you\u2019re one of the many who dreads bidding the weekend goodbye, this is probably the one Monday of the year you look forward to.<\/p>\n

It\u2019s true that Amazon Prime Day isn\u2019t your regular Black Friday\/Cyber Monday<\/a> shopping event, but it has quickly become massive enough to warrant one unintended consequence: catching the attention of online threat actors.<\/p>\n

A very big deal<\/h3>\n

Amazon launched Prime Day in 2015 during the company\u2019s 20th anniversary. And they’ve been stepping up their game ever since.<\/p>\n

To date, Prime Day is hailed as the biggest shopping event in the company\u2019s history<\/a>, surpassing its 2016 Black Friday and Cyber Monday revenue.<\/p>\n

Orders placed via mobile devices also spiked, thanks to the Amazon app that many users have downloaded and installed just for Prime Day. And because a huge chunk of sellers on Amazon are\u00a0small businesses<\/a>, increases in overall sales also translates to increased profits for small businesses<\/a>.<\/p>\n

It won\u2019t be a surprise, then, to expect that Prime Day 2018 will be even bigger than last year\u2014and cybercriminals may be counting on this.<\/p>\n

Prime Day security reminder list: Do\u2019s and don\u2019ts<\/h3>\n

Regular readers of the Malwarebytes Labs blog know that Amazon has been used in several threat campaigns to target its users. In 2015 and 2016, we documented spam emails that circulated the web bearing the Amazon logo, and their ruses ranged from requesting users to confirm their account information<\/a>\u00a0to\u00a0filling in a survey in exchange for a small fortune<\/a>\u00a0and\u00a0redeeming a soon-to-be-expired $100 Amazon Prime credit<\/a>.<\/p>\n

Then in 2017, Mark Jones (writing for Kim Komando) reported<\/a> on a phishing email that Komando herself received almost a month after Prime Day ended. The email offered recipients a $50 voucher as a bonus for reviewing a product they recently bought on Prime Day, according to the post. Clicking the link in the email redirected victims to a fake Amazon login page.<\/p>\n

More fake Amazon Prime emails could\u2014and likely will\u2014materialize from here on. But these shouldn\u2019t stop users from enjoying Amazon’s services, or another other e-commerce site’s, for that matter.<\/p>\n

If you enjoy shopping on Amazon during the Prime Day sale (or any other time), protect yourself by protecting your account credentials and shopping transactions. Below is a list of do\u2019s and don\u2019ts you should keep handy alongside your shopping list.<\/p>\n

Do\u2026<\/h3>\n

\u2026download only the legitimate Amazon app from the Google Play and Apple App stores<\/strong><\/em>, which you can find here<\/a> and here<\/a>, respectively. In doing so, you\u2019ll avoid getting confused as to which app to install\u2014as there are a variety of them\u2014and which ones to trust\u2014as there may be impersonators. Threat actors targeting users on mobile devices have become craftier; their latest tactic being the use of Unicode, which allows fake apps to use famous names to pass through security scans.<\/p>\n

\n

Read:\u00a0<\/em>Phony WhatsApp used Unicode to slip under Google\u2019s radar<\/em><\/a><\/p>\n

\n

\u2026setup two-factor authentication (if you haven\u2019t already).<\/strong><\/em> This is for added security, of course. If you\u2019re the type of shopper who takes their time, you may find it quite annoying to re-enter your creds and authentication number multiple times. But having this enabled is so worth the extra hassle because it makes blunt-force entry or even using stolen credentials next to impossible for criminals.<\/p>\n

\u2026use your credit card when paying for purchases as much as you can.<\/strong><\/em> This is because credit cards, and not debit cards, are insured by the bank. Although a type of consumer protection called a chargeback is in place, it is not a legal protection. This means that your card provider may or may not award a chargeback if funds from your debit card are stolen, depending on the case.<\/p>\n

\u2026look at emails originating from Amazon with a critical eye<\/strong><\/em>. <\/em>It\u2019s a prevention mechanism we should all be practicing when handling emails<\/a>, as doing so will save you a lot of headache and firefighting in the long run. Always be cautious. Always question if the email is legitimate or a spoof.<\/p>\n

\u2026familiarize yourself on how to report phishing emails and pages to Amazon<\/strong><\/em>. <\/em>Why? Because fellow shoppers may not be quick enough to sport the fake email you just spotted. Amazon has a handy guide on walking users through the reporting process in this Help & Customer Service page<\/a>.<\/p>\n

\u2026buy items from sellers you trust or are comfortable with<\/strong><\/em>. <\/em>Like any other e-commerce site, Amazon has bad sellers, too. And by that, we mean those who (1) impersonate legitimate companies by stealing their brand and the showcase of products they sell, (2) purport to sell products but never ship them and attempt to run away with your money, or (3) sell you counterfeit or knock-off goods.<\/p>\n

If you don\u2019t know which seller to trust, check out the third-party supplier\u2019s Amazon page and see when their profile was created. Usually, the scam ones are those that have just been launched and suddenly have pages upon pages of a variety of cross-industry products, which are often just stolen images from real sellers. Also, watch out for third-party sellers with too-good-to-be-true glowing reviews as (1) they may have been auto-generated by bots or (2) they\u2019re paid reviews designed to put sellers in a favorable light.<\/p>\n

Don\u2019t\u2026<\/h3>\n

\u2026reuse passwords.<\/strong><\/em> If the Amazon account password you\u2019re using now is the same as your, say, Twitter password, it\u2019s time to change that. You\u2019re just making it easy for criminals to access two or more of your online accounts.<\/p>\n

\u2026enable macros.<\/strong><\/em>\u00a0Let’s say an “Amazon” email has convinced you that it\u2019s real. You open the attachment. It asks you to turn on macros. You should consider stopping at this point because doing what it tells you to could open two possible scenarios: one, nothing will happen; two, you just got your computer infected with malware. Think about this.<\/p>\n

\u2026fall for Amazon gift card scams.<\/strong><\/em> We rarely read about this, but it happens. Usually, questionable sellers ask prospective buyers to pay for an item outside of Amazon in the form of gift cards. If a seller suddenly asks you this, disengage from the conversation and report them to Amazon immediately.<\/p>\n

\u2026use public Wi-Fi to shop.<\/strong><\/em> You\u2019re only exposing yourself to Man-in-the-Middle attacks<\/a>. It\u2019s better to shop at home or at work during your break time.<\/p>\n

If you make it a point to address our (potential) security issues first and make mental notes of the rest in our list, then Prime Day 2018 shouldn\u2019t be that stressful.<\/p>\n

So, what are you waiting for? Ready, set, shop!<\/em><\/p>\n

Other posts related to Amazon you might be interested in reading:<\/p>\n