According to data presented by Atlas VPN, Amazon, the global e-commerce site, is the most impersonated retail brand in phishing websites, with over 1,633 suspicious sites detected in the last 90 days. Notably, some of those sites have already been taken down, either by scammers themselves or by various security measures. However, as of July 12, as many as 897 websites are still live.
So why is this news especially relevant now? On July 12, Amazon’s Prime Day began, running through to the end of July 13. With many consumers looking to take advantage of their premium subscription with Amazon, transaction numbers have skyrocketed. However, an opportunity has arisen for cybercriminals to take advantage of unsuspecting shoppers: especially those who cash in on a deal too quickly without reading the fine print. With fraudsters using Google Ads to rank well in Google searches, making their near-identical fake sites appear legitimate, it is very easy to fall victim to phishing.
“Nowdays, it doesn’t take a lot of effort to construct a website which is nearly identical to the one that cybercriminals are trying to mimic. The biggest challange for fraudsters is leading people to the site, which is why consumers should be wary of all promotional emails and ads.” said Edvardas Garbenis, PR Manager at Atlas VPN.
The data for the Atlas VPN’s research was extracted from CheckPhish, a phishing and fraud site scanner, which uses deep learning, computer vision, and NLP to simulate how a person would examine, comprehend, and reach a verdict on a suspicious website.
The second most imitated retail brand was Walmart, with 427 phishing sites detected in the last 90 days, out of which 109 are still up and running on July 12, 2022.
Alibaba, one of the largest e-commerce companies globally, was the third most mimicked brand in phishing websites, with 398 detections in the last 90 days, out of which nearly half – 174 are still live.
Interestingly, UGG, an American footwear company, was the fourth most impersonated retailer. The site scanner detected 98 suspicious websites using the UGG brand name. Only six of those sites have been taken down so far.
Target was fifth on the list, and that is no surprise since it’s one of the largest corporations in the US. As many as 75 websites mimicking Target were detected since April 13, 2022. 46 of those sites are still accessible mid-July.
The biggest sports brand in the world – Nike, also made the list, with 49 suspicious sites identified, out of which only one ceased its activity.
Finally, The Home Depot, another US corporate giant, closed off the list of the most impersonated retail brands. This retailer was imitated on 31 websites, with 26 of them still accessible online as of July 12, 2022.
How to detect dubious websites
With Amazon Prime day in play, it’s much easier for cybercriminals to mix in their emails and ad’s among thousands of legitimate ones. Consumers should be especially wary of dubious sites in the upcoming days. Atlas VPN shared some of the most important tips on how to recognise phishing websites:
- Please pay attention to Google Ads because scammers might use them to rank well in Google searches.
- Check the website’s URL (address); leave immediately if it contains mistakes or strange symbols. Fraudsters might use alphabets with similar-looking letters representing the authentic website, so make sure to scrutinize the URL.
- Grammar and spelling issues should be an immediate red flag, so keep an eye out for them. Scammers hardly ever employ expert writers to proofread the content of their copycat website.