Security researchers at Check Point have uncovered a significant surge in malicious Amazon-themed domains, with 6,843 new registrations detected between December and May. Analysis revealed that nearly 10% of these domains were flagged as either malicious or suspicious, representing a substantial threat to online shoppers and corporate users alike.
The timing of these domain registrations aligns with major Amazon shopping events, particularly Prime Day, when consumer activity peaks and users are more likely to click on promotional links. Threat actors exploit this increased traffic by creating convincing fake domains that mimic legitimate Amazon properties, making it difficult for average users to distinguish between authentic and fraudulent sites.
These malicious domains typically serve as platforms for phishing campaigns designed to harvest user credentials, payment card information, and personal data. Attackers often send emails or messages containing links to these fraudulent sites, presenting fake login pages or promotional offers that appear legitimate. Once users enter their information, attackers gain access to Amazon accounts and associated payment methods.
The threat extends beyond individual consumers to enterprise environments, where employees may use corporate email addresses for personal Amazon accounts or fall victim to business email compromise schemes leveraging Amazon's trusted brand. Compromised credentials can provide attackers with entry points into corporate networks or access to company payment systems.
Security teams should implement email filtering to block known malicious Amazon-themed domains and conduct user awareness training focused on identifying phishing attempts during major shopping events. Organizations should encourage employees to access Amazon only through official apps or by manually typing the URL, never clicking links in unsolicited emails. Multi-factor authentication should be mandatory for all accounts, and security teams should monitor for any Amazon-related credential exposure in dark web marketplaces.
Source: https://www.scworld.com/brief/amazon-prime-day-fuels-surge-in-malicious-domains-researchers-warn