Every year, Amazon Prime Day brings with it not only great deals but also significant risks of fraud and cyber attacks. This year, Veriti’s research team delved into various hacker forums to uncover the tactics and techniques used by scammers targeting this major shopping event. Our investigation revealed intriguing discussions among cybercriminals, particularly focusing on methods to steal and exploit Amazon gift cards and account credentials.
Our research highlighted a specific scam where a hacker, under the pseudonym “kinavayakam,” discussed how they could “card Amazon” – a term referring to the creation of fraudulent Amazon gift cards using stolen credentials. To prove their capabilities, the scammer shared screenshots from their inbox, revealing the ongoing communication and transactions related to these illicit activities.
Veriti’s research also identified a sophisticated phishing campaign targeting users in the USA, Slovakia, and Turkey. This campaign involved phishing emails disguised as account alerts, designed to lure victims into providing their login details through a fake Amazon login page.
Amazon Gift Cards with Stolen Credentials:
During our research on various hacker forums, we encountered a detailed discussion initiated by a scammer known as “kinavayakam.” This individual was looking for partners to join in his Amazon theft operations. Specifically, he outlined a scheme where he could generate Amazon gift cards using stolen credentials. The term he used was “card Amazon,” referring to the fraudulent creation of gift cards by exploiting compromised accounts.
To convince skeptical forum members of his capabilities, kinavayakam shared screenshots from his inbox, showcasing correspondence that evidenced his ongoing scams. These screenshots provided a rare glimpse into the inner workings of these fraudulent activities, including conversations about successful thefts and transactions involving stolen Amazon gift cards.
This forum thread illuminated the methods and strategies used by cybercriminals to exploit stolen credentials for financial gain. It became clear that the scam wasn’t just theoretical but actively in progress, with real-time examples of how stolen data was being converted into valuable digital assets. By exposing these discussions, Veriti’s research highlights the sophisticated and organized nature of cybercrime surrounding major shopping events like Amazon Prime Day.
As you can see in the above screenshot, Apple iPads are one of the lovable items scammers are purchasing with the stolen credentials and gift cards.
In parallel, in another forum, as part of “contributing the community”, one of the hackers published a list of stolen credentials of Amazon users – allowing all forum members to use the stolen accounts for their own needs.
Email Phishing Campaign Targeting USA, Slovakia & Turkey:
Veriti’s research team identified a highly coordinated phishing campaign aimed at Amazon users in the USA, Slovakia, and Turkey. This campaign was designed to deceive recipients into believing their Amazon accounts were at risk, thereby prompting them to take immediate action.
The phishing emails were crafted to appear as legitimate communications from Amazon, complete with familiar branding and language. These emails informed recipients of unusual payment activity or other security concerns with their accounts, urging them to verify their information to prevent account suspension. The attached PDF file, misleadingly named “Details_Statement_ID_<ID number>,” contained a link to a phishing site designed to mimic the Amazon login page.
Upon clicking the link, users were redirected to a fake Amazon page where they were prompted to enter their login credentials. Once these details were submitted, the attackers would capture them, gaining unauthorized access to the victims’ Amazon accounts. To add another layer of deception, the phishing site also included a secondary step that directed users to a fake Google login page, aiming to harvest even more sensitive information.
This phishing campaign’s sophistication lies in its multi-stage approach and its ability to bypass initial suspicions by mimicking trusted services. The attack leveraged common concerns about account security to manipulate users into divulging their personal information.
Lessons Learned: How to Stay Vigilant During Amazon Prime
The findings from Veriti’s research into cybercriminal activities surrounding Amazon Prime Day underscore the critical need for heightened vigilance among consumers. As we have uncovered, scammers and hackers are increasingly sophisticated, employing a range of tactics to exploit the popularity of this major shopping event. These insights provide valuable lessons on how consumers can protect themselves from falling victim to such schemes.
Best Practices to Shop Safely
- Be Skeptical of Unsolicited Emails: Always approach unsolicited emails with caution, especially those claiming to be from Amazon or other reputable companies. Look out for phishing attempts by scrutinizing email addresses, links, and attachments before clicking on anything.
- Enable Two-Factor Authentication (2FA): Strengthen your account security by enabling two-factor authentication. This extra layer of protection can prevent unauthorized access even if your login credentials are compromised.
- Monitor Account Activity: Regularly check your Amazon account and bank statements for any suspicious activities or unauthorized transactions. Promptly report any anomalies to Amazon and your financial institution.
- Use Strong, Unique Passwords: Ensure your passwords are strong and unique for each of your accounts. Avoid using easily guessable information and consider using a password manager to keep track of your credentials securely.
- Verify Before You Buy: When shopping online, especially during high-traffic events like Amazon Prime Day, verify the authenticity of deals and sellers. Be wary of offers that seem too good to be true and stick to well-known, reputable vendors.
By following these best practices and taking proactive steps, shoppers can significantly reduce their risk of falling victim to cyber threats during Amazon Prime Day.
