It’s the first day of summer, the longest day of sunlight, and a day to save on shopping if you’re taking advantage of Amazon Prime Day — tomorrow too for the latter. You know that. Cyber criminals know that. Along with all the legitimate promotions that continue to pop up on your screen from Amazon, the bad guys are also sending special deals to lure enthusiastic online shoppers into various phishing campaigns that will steal their credentials and give unauthorized access to funds and financial transactions.
PrivaPlan Social Engineering Specialist Michaela Kahn shared that last year during Amazon’s Prime Day, Checkpoint noted that 20% of domains registered with the words “Amazon” or “Prime” in them were malicious. That’s not good news, but it’s gotten worse in 2021. She says, “This year it’s up to nearly 50%! Expect that these scams will be running all day today and tomorrow and warn your users.”
Remind them that if they get any Prime Day offers in email, by phone or social media, to do three things:
- Look out for any misspellings on any emails, ads, and domain names
- If they’re asked to provide additional details (e.g. birthday or social security number), it is most likely a scam
- Make sure to have a strong password created before participating in Amazon Prime Day (it’s never too late to do that), and use a Credit Card instead of a Debit Card
It’s important to ensure your users are always prepared for any type of attack, especially during “specials” like Amazon Prime Day. Frequent phishing tests and new-school security awareness training are important to ensure your users stay on their toes with security top of mind.
PrivaPlan offers phishing testing for our customers to test, educate and retest their user’s susceptibility to phishing scams. These tests have been helpful in showing the risk that phishing poses to a covered entity. PrivaPlan recommends that all covered entities test their users for phishing awareness and setup proper recurring training for their users.
To find out how the HIPAA experts at PrivaPlan can assist you with phishing testing, and the many other services we provide, contact us at email@example.com or call 877-218-7707.