Amazon Prime Day presents opportunities for shoppers, and scammers too
Amazon Prime Day offers consumers deep discounts on appliances, electronics and other products, but it also provides an opportunity for cybercriminals to take advantage of their affinity for a good deal.
Bad actors are known to prey on shoppers' eagerness to buy online during the retail holiday, which is one of the most anticipated shopping events of the year. Indeed, Amazon said scams tend to spike around the event, which this year will take place July 16 and 17.
Last year, around Prime Day, Amazon shoppers reported three times as many scams as usual to the company. Customer reports of bad actors trying to dupe them rose from roughly 5,000 a week to more than 14,000 a week, Scott Knapp, Amazon's director of worldwide buyer risk prevention told CBS News.
Criminals target consumers by email, text message, and even phone, according to Knapp. Notably, there's been a recent uptick in cybercriminals successfully deceiving consumers by phone.
Fake product reviews, phishing and "smishing" attempts, whereby criminals send shoppers links used to steal their information, aren't unique to Amazon or Prime Day. They typically spike around any big sales event, including Black Friday or the Christmas shopping season, according to the Better Business Bureau (BBB).
"More deals are great for consumers, and more people out shopping is great for businesses large and small. Just be careful, and don't get so caught up in the excitement that you fall for phishing scams, misleading advertisements and lookalike websites," the BBB warns.
Counterfeit products
In addition to criminals creating fake websites to try to obtain Prime members' personal information, they also pose as legitimate third-party sellers on Amazon.com, but hawk fake merchandise.
"The only sure thing about the marketplace is that any big shopping event is associated with a rise and influx in the availability of counterfeit products," Saleem Alhabash, professor of digital advertising at Michigan State University. "There is always market awareness by counterfeiters that these are high-volume days — and from a psychological perspective, consumers know there's a time limit for getting that good deal, and scammers harp on that in making the counterfeit product available."
An abnormally low price for an expensive product could be a telltale sign a product is inauthentic. Of course, that's harder to detect during Prime Day, when shoppers expect deeply discounted prices on popular goods.
"In terms of spotting malicious activity, we say that if you see an expensive brand offered at a much lower price that seems too good to believe, that's a red flag," Alhabash said. "But that can be tricky with a sales event like Prime Day, because the whole idea is to sell things at lower prices."
Cybercriminals are using Amazon Prime Day as an opportunity to ratchet up the types of scams they target consumers with year round. There is a wide range of fraudulent activity to be alert to this year.
The high volume of third-party sellers on Amazon.com also presents an opportunity for scammers to pose as legitimate businesses. Oftentimes, they purport to be selling a hot product, like a stick vacuum cleaner or high-end blender, but after taking consumers' credit card information they'll send them a subpar knockoff, or nothing at all.
"They present as sellers of brand name products, and they charge a lot of money," said Ram Bala, associate professor of AI & analytics at the Leavey School of Business at Santa Clara University. "As the number of sellers has increased, it's harder to keep track of who is a scammer and who isn't."
Amazon's Knapp said the company has "zero tolerance" for counterfeit products in its store, and removes knockoffs from its site as soon as it identifies them. "Then we go after bad actors who try to sell counterfeit in the store," Knapp said.
Additionally, to date, Amazon has taken action against more than 40,000 phishing websites and 10,000 scammy phone numbers.
AI reviews
Fake reviews have also proliferated online, aided by generative AI tools like ChatGPT that make it easy for cybercriminals to rapidly produce product reviews.
"If a consumer is looking at a review right now, they may be AI-generated or augmented," Saoud Khalifah, founder of Fakespot, told CBS MoneyWatch. "People are using tools like ChatGPT to help them with their jobs, but they're being used to write reviews, too."
Still, fake reviews are likely to be riddled with grammatical errors and contain sentences that don't make sense. They also tend to be vague and lack details about the product they relate to, according to Khalifah.
Sellers of fake products often generate dozens of fake reviews to draw attention to their pages. If an item has 100 five-star reviews generated in the span of a day, that may be a tip off that they're not authentic.
According to Fakespot, categories of products that are relatively insulated from fake reviews include Apple products, video game chairs, computers and books. Bluetooth headphones, clothes, stick vacuums and electric brooms typically have the most fake reviews, as do cheaper electronics, in the $30 - $50 range.
"That's because it's a highly competitive category, with so many products and sellers competing with each other, and the listing that wins out is the one with the most reviews," Khalifah said.
Phishing and smishing scams
Phishing scams and so-called smishing scams, in which criminals make contact via SMS or text message, are abundant and can be highly sophisticated, too.
"Scammers are refining their techniques, and the most common scam type is they are creating fake websites that are Amazon lookalikes in order to get you to engage in a fraudulent loop," Zulfikar Ramzan, chief scientist at Aura, told CBS MoneyWatch.
Phishing emails could offer consumers fake deals, and direct them to a website that appears to be Amazon, but is in fact a replica. Signs of a scammy website can be found in its URL. It might contain Amazon somewhere in the address, but with a zero could in the place of the letter "o," for example.
"The only apparent distinction could be in the address bar at top," Ramzan said. "Before you make your purchase, triple check to make sure you're not purchasing from a site other than Amazon.com. Scammers could have Amazon somewhere in the address, but it won't be in the right place."
Avoid accidentally visiting copycat sites altogether by accessing the store through Amazon's app, Ramzan advises. "Don't click a link in an email and expect it to take you to a legitimate site."
The BBB warns that "photos can be stolen from other websites, so don't believe what you see. If logos or other images on the website appear blurry, take that as a red flag for a scam."
Amazon's Knapp said criminals most often attempt to obtain Prime members' credentials by claiming that an order needs to be confirmed, or that they need to re-instate their Prime memberships.
An email or text from a cybercriminal might tell its recipient that there's a problem with an order, and that they must click on a link to verify their address or credit card info. It's phony, and criminals do this to collect personal information. Similarly, they prey on shoppers' eagerness to get deals before they expire by telling victims there's a problem with their Prime membership, and that they must hand over their credit card details to reinstate the membership so they can shop for deals on Prime Day.
"These messages are all variations on things we've classically seen," Knapp said.