Today and tomorrow (July 11-12) are Amazon Prime Days, days shoppers look forward to getting deep discounts on goods. Are you prepared? Cybercriminals are. They are ready with phishing emails directing people to “special deals” on malicious websites.
With the US alone accounting for up to 60,000 orders per minute on the platform during its 2022 event, Amazon is hoping to measure equal or greater success this year.
Being that the event is somewhat of a time-limited occasion (though buyers do have two days to check for deals), cybercriminals want to capitalize on the pressure by tricking victims into supposedly urgent calls to action that ultimately reveal personal information, including payment details.
There is a high level of creativity during the popular event, leaving buyers with more than one type of scam to look out for. Some examples include fake payment failure emails which redirect to a malicious site that harvests credit card details and fake profile update links.
Checking the email sender’s domain is vital, but even if it appears valid, consumers are being warned to access their account by typing amazon.com into their address bar, and not following potentially suspicious links which could steal information or spread malware.
The Office of Cybersecurity recommended to look out for these warning signs:
- Look out for any misspellings on any emails and ads
- If you’re asked to provide additional details (ex. your birthday or social security number) it is most likely a scam
- Make sure to have a strong password created before Amazon Prime Day, and use Credit Cards instead of debit cards
Please stay cybersecurity aware while shopping online!
What has been reported to abuse@uthsc.edu this past week?
- Incoming emails quarantined : Attention needed – this phish attempted to look like it came from Microsoft, but the email address didn’t match.
- [Ext] Completed: Complete Doc viaSign – this phish wanted the recipient to click on a link, but even a quick glance at the Subject line – “Doc viaSign” shows poor grammar.
- [Ext] Task – the start of a gift card scam, this phish spoofed the name of someone on campus trying to get someone else to do a “favor”.
- [Ext] Request for Direct Deposit Change – this phish attempted to impersonate one of our Deans in changing their banking information. Payroll caught it.
Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.