File picture
File picture

About 80% of ’Amazon branded’ domains are potentially dangerous

By Yasmine Jacobs Time of article published Jun 24, 2021

Share this article:

Check Point Research (CPR) has found that nearly 80% of domains containing the word “Amazon” are potentially dangerous.

Cybercriminals are impersonating the Amazon brand ahead of the popular annual shopping event Amazon Prime Day 2021 in a bid to trick consumers into credential theft of their email addresses, payment details, and passwords.

This year's event, which has been running for two days from June 21 to June 22, offered millions of deals and special offers to Amazon’s 150-million-plus Prime subscribers around the world.

Checkpoint Research (CPR) has found that 46% of new domains registered with the word ’Amazon’ are malicious and 32% of new domains registered with the word ’Amazon’ have been deemed suspicious by CPR.

CPR also found that 32% of new domains registered with the words “Amazon Prime” are malicious.

In the last 30 days, over 2 300 new domains were registered about Amazon, a 10% increase from the previous Amazon Prime Day, where the majority now are either malicious or suspicious.

“Prime Day is a prime opportunity for cybercriminals. The shopping event can be fun, but also dangerous for consumers. The danger here is being tricked into giving up your credit card info, your passwords, and even your home or email address to cybercriminals. Their goal is to make money off your personal details,” said CheckPoint Software Security Regional Director: Africa Pankaj Bhula.

“The tactic cybercriminals use for their deception is domain spoofing, where you click on a page that appears to be from Amazon, but you’re on the malicious ground. Clearly, cybercriminals are doubling down on Prime Day this year, as all the domains around ’Amazon’ have red flags. I strongly urge Prime Day shoppers this year to be extra cautious, to watch for misspellings, and to share only the bare minimum. I would triple check emails in the inbox that allege they’re from Amazon next week,” added Bhula.

What are spoofing domains and why do cybercriminals do it?

Domain spoofing is a popular way for cybercriminals to steal money or sensitive data.

These domain registrations look extremely similar to the real domain and aim to divert online traffic and redirect unsuspecting consumers to websites that contain malware. It also prompts users to provide personal identifying information.

In this case, cybercriminals are aiming to hide behind the Amazon brand to target Prime Day shoppers with emails that prompt the recipient to click a malicious link or respond with sensitive information.

How to Stay Safe on Amazon Prime Day

People are urged to be vigilant on Amazon Prime Day and check for misspellings of or if it uses a different top-level domain other than For example, a .co instead of .com. Deals on these copy-cat sites may look just as attractive as on the real site, convincing users that this is the real deal and eventually give up their data.

It is important to check if the website has a secure sockets layer (SSL) encryption installed. You will be looking for the letter ’S’ in HTTPS and an icon of a locked padlock to the left of the URL. If you do not see the lock and ’HTTPS’, leave the site immediately. It is worth remembering that users should avoid buying something online using their payment details from a website that does not have SSL.

Only share the bare minimum. No reputable and legitimate online shopping retailer needs your birthday or ID for a transaction. Cyberattackers ask for these details because the more hackers know, the more they can hijack your identity.

Pay attention to the language used in the email. This does not mean typos or grammatical errors. It’s basic social engineering techniques. The email will usually make it sound like it is a matter of urgency. People are more likely to make mistakes when they’re in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks use these techniques to convince targets to ignore any suspicions they might have about an email and click on a link or open an attachment.

You have heard this before and you will hear it again, but create a strong password for Once a hacker is inside your account, there is not much you can do.

Lastly, as the old adage goes 'If it sounds too good to be true, it probably is. And when it comes to online sales, it definitely is, so watch out for sales that are just TOO good to be true.


Share this article: