A member of the Red Hacker Alliance in Dongguan, China in August 2020 monitors cyberattacks around the world. Hacks have increased through the pandemic and the war in Ukraine – Copyright AFP/File Noel Celis
According to data presented by Atlas VPN, Amazon is the most impersonated retail brand in phishing websites, with over 1,633 suspicious sites detected in the last 90 days.
Some of those sites have already been taken down, either by scammers themselves or by various security measures. However, as of July 2022, as many as 897 websites are still live.
The data for the research was extracted from CheckPhish, a phishing and fraud site scanner, which uses deep learning, computer vision, and NLP to simulate how a person would examine, comprehend, and reach a verdict on a suspicious website.
In particular, the data finds over 1,633 phishing sites impersonating Amazon were detected in the last 90 days and it remains that nearly 900 of those sites are still accessible. Furthermore, Walmart is the second-most mimicked retail brand, with 427 total site detections, out of which 109 are live.
The times when fraud is highest is when Amazon’s special days occur, such as Black Friday, Cyber Monday, and Amazon Prime Day, as well as during and the Christmas period. These are seemingly the most opportune moments for criminals to dupe consumers into visiting fake sites, which can look nearly identical to the real ones. Fraudsters can even use Google Ads to rank well in Google searches.
After Amazon, the following most imitated retail brand is Walmart, with 427 phishing sites detected in the last 90 days, out of which 109 are still up and running. Alibaba, one of the largest e-commerce companies globally, is the third most mimicked brand in phishing websites, with 398 detections in the last 90 days, out of which nearly half – 174 are still live.
With online retail fraud in general, scammers use the latest technology to set up fake retailer websites that look like genuine online retail stores. They may use sophisticated designs and layouts, and possibly stolen logos.
Also of concern are URLs with extraneous words or characters (most stores use only their brand name in web addresses) or unusual domains — for example, .bargain, .app or a foreign domain instead of .com or .net.
As well as consumers being careful, retailers can reduce their chances of being hit by retail fraud by investing in top-level identification software. This enables retailers to thoroughly verify any customer’s identity and set up “red flag” systems to alert them to any indications of suspicious activity.