CBS News
Amazon Prime Day presents opportunities for shoppers, and scammers too
Amazon Prime Day offers consumers deep discounts on appliances, electronics and other products, but it also provides an opportunity for cybercriminals to take advantage of their affinity for a good deal.
Bad actors are known to prey on shoppers’ eagerness to buy online during the retail holiday, which is one of the most anticipated shopping events of the year. Indeed, Amazon said scams tend to spike around the event, which this year will take place July 16 and 17.
Last year, around Prime Day, Amazon shoppers reported three times as many scams as usual to the company. Customer reports of bad actors trying to dupe them rose from roughly 5,000 a week to more than 14,000 a week, Scott Knapp, Amazon’s director of worldwide buyer risk prevention told CBS News.
Criminals target consumers by email, text message, and even phone, according to Knapp. Notably, there’s been a recent uptick in cybercriminals successfully deceiving consumers by phone.
Fake product reviews, phishing and “smishing” attempts, whereby criminals send shoppers links used to steal their information, aren’t unique to Amazon or Prime Day. They typically spike around any big sales event, including Black Friday or the Christmas shopping season, according to the Better Business Bureau (BBB).
“More deals are great for consumers, and more people out shopping is great for businesses large and small. Just be careful, and don’t get so caught up in the excitement that you fall for phishing scams, misleading advertisements and lookalike websites,” the BBB warns.
Counterfeit products
In addition to criminals creating fake websites to try to obtain Prime members’ personal information, they also pose as legitimate third-party sellers on Amazon.com, but hawk fake merchandise.
“The only sure thing about the marketplace is that any big shopping event is associated with a rise and influx in the availability of counterfeit products,” Saleem Alhabash, professor of digital advertising at Michigan State University. “There is always market awareness by counterfeiters that these are high-volume days — and from a psychological perspective, consumers know there’s a time limit for getting that good deal, and scammers harp on that in making the counterfeit product available.”
An abnormally low price for an expensive product could be a telltale sign a product is inauthentic. Of course, that’s harder to detect during Prime Day, when shoppers expect deeply discounted prices on popular goods.
“In terms of spotting malicious activity, we say that if you see an expensive brand offered at a much lower price that seems too good to believe, that’s a red flag,” Alhabash said. “But that can be tricky with a sales event like Prime Day, because the whole idea is to sell things at lower prices.”
Cybercriminals are using Amazon Prime Day as an opportunity to ratchet up the types of scams they target consumers with year round. There is a wide range of fraudulent activity to be alert to this year.
The high volume of third-party sellers on Amazon.com also presents an opportunity for scammers to pose as legitimate businesses. Oftentimes, they purport to be selling a hot product, like a stick vacuum cleaner or high-end blender, but after taking consumers’ credit card information they’ll send them a subpar knockoff, or nothing at all.
“They present as sellers of brand name products, and they charge a lot of money,” said Ram Bala, associate professor of AI & analytics at the Leavey School of Business at Santa Clara University. “As the number of sellers has increased, it’s harder to keep track of who is a scammer and who isn’t.”
Amazon’s Knapp said the company has “zero tolerance” for counterfeit products in its store, and removes knockoffs from its site as soon as it identifies them. “Then we go after bad actors who try to sell counterfeit in the store,” Knapp said.
Additionally, to date, Amazon has taken action against more than 40,000 phishing websites and 10,000 scammy phone numbers.
AI reviews
Fake reviews have also proliferated online, aided by generative AI tools like ChatGPT that make it easy for cybercriminals to rapidly produce product reviews.
“If a consumer is looking at a review right now, they may be AI-generated or augmented,” Saoud Khalifah, founder of Fakespot, told CBS MoneyWatch. “People are using tools like ChatGPT to help them with their jobs, but they’re being used to write reviews, too.”
Still, fake reviews are likely to be riddled with grammatical errors and contain sentences that don’t make sense. They also tend to be vague and lack details about the product they relate to, according to Khalifah.
Sellers of fake products often generate dozens of fake reviews to draw attention to their pages. If an item has 100 five-star reviews generated in the span of a day, that may be a tip off that they’re not authentic.
According to Fakespot, categories of products that are relatively insulated from fake reviews include Apple products, video game chairs, computers and books. Bluetooth headphones, clothes, stick vacuums and electric brooms typically have the most fake reviews, as do cheaper electronics, in the $30 – $50 range.
“That’s because it’s a highly competitive category, with so many products and sellers competing with each other, and the listing that wins out is the one with the most reviews,” Khalifah said.
Phishing and smishing scams
Phishing scams and so-called smishing scams, in which criminals make contact via SMS or text message, are abundant and can be highly sophisticated, too.
“Scammers are refining their techniques, and the most common scam type is they are creating fake websites that are Amazon lookalikes in order to get you to engage in a fraudulent loop,” Zulfikar Ramzan, chief scientist at Aura, told CBS MoneyWatch.
Phishing emails could offer consumers fake deals, and direct them to a website that appears to be Amazon, but is in fact a replica. Signs of a scammy website can be found in its URL. It might contain Amazon somewhere in the address, but with a zero could in the place of the letter “o,” for example.
“The only apparent distinction could be in the address bar at top,” Ramzan said. “Before you make your purchase, triple check to make sure you’re not purchasing from a site other than Amazon.com. Scammers could have Amazon somewhere in the address, but it won’t be in the right place.”
Avoid accidentally visiting copycat sites altogether by accessing the store through Amazon’s app, Ramzan advises. “Don’t click a link in an email and expect it to take you to a legitimate site.”
The BBB warns that “photos can be stolen from other websites, so don’t believe what you see. If logos or other images on the website appear blurry, take that as a red flag for a scam.”
Amazon’s Knapp said criminals most often attempt to obtain Prime members’ credentials by claiming that an order needs to be confirmed, or that they need to re-instate their Prime memberships.
An email or text from a cybercriminal might tell its recipient that there’s a problem with an order, and that they must click on a link to verify their address or credit card info. It’s phony, and criminals do this to collect personal information. Similarly, they prey on shoppers’ eagerness to get deals before they expire by telling victims there’s a problem with their Prime membership, and that they must hand over their credit card details to reinstate the membership so they can shop for deals on Prime Day.
“These messages are all variations on things we’ve classically seen,” Knapp said.
The secretary of state’s office was the target of an unsuccessful cyberattack earlier this month, the agency confirmed to CBS News on Wednesday.
An official with the secretary of state’s office said the attack was an attempt to crash the absentee voting website, and it was discovered when the agency noticed a spike in attempts to access the site nine days ago, on Oct. 14. There were over 420,000 attempts made from around the world, which the official said was a coordinated attempt to make the website crash.
Security experts were ultimately able to thwart the attack. The secretary of state’s office said it still does not know who was behind the attack but suggested it may have been a foreign country.
Gabriel Sterling, chief operating officer for the office, wrote Thursday evening in a social media post that “this was a big win for our cyber security team and our partners. We work everyday to protect Georgia voters and our systems.” In a separate post, he said, “The attack was detected and mitigated quickly.” CNN first reported the cyberattack attempt.
The Cybersecurity and Infrastructure Security Agency is aware of the cyberattack and worked with the Georgia secretary of state’s office in the aftermath of the incident, sources confirmed to CBS News. The FBI has not responded to a request for comment.
Georgia voters have also been showing up for early voting, which began on Oct. 15. Early voters shattered records this year for the presidential election, the secretary of state’s office said, more than doubling early voting figures from 2020 on the first day, with 310,000 ballots cast, compared with 136,739 on the first day of early voting in 2020.
Georgia Secretary of State Brad Raffensperger predicted there would be record turnout in Georgia this year, telling CBS News’ Margaret Brennan on “Face the Nation” Sunday, “You look at the turnout — we’re almost pushing 1.4 million who’ve already voted early or who we’ve accepted their absentee ballots.”
Nicole Sganga and
contributed to this report.
Boeing machinists on Wednesday voted to reject a new labor contract proposal and continue a costly weekslong strike that halted production of some of the embattled company’s top-selling planes, resulting in furloughs and layoff announcements for thousands of workers.
The International Association of Machinists and Aerospace Workers announced on social media that 64% of members voted to reject the deal.
“The strike will continue at all designated picket locations,” the union said.
The vote comes more than a month after 33,000 union members overwhelmingly rejected a negotiated offer and walked off the job on Sept. 13.
The IAM on Saturday had said it had brokered a tentative deal with Boeing that included cumulative raises of almost 40% over four years, significantly more than the prior negotiated offer.
The new contract offer also includes a $7,000 ratification bonus and a larger company contribution to retirement plans. It did not bring back a defined benefit pension that was frozen a decade ago and that many wanted to return to.
Contract talks broke down earlier in the month, but the company and union resumed bargaining in recent days, with Julie Su, the acting labor secretary, traveling to Seattle to meet with both sides.
If workers had voted to accept the contract offer, they would have had to return to work on Oct. 31, according to the union.
Boeing can’t produce any new 737s so long as the strike that shut down assembly plants in the Seattle area continues. One major Boeing jet, the 787 Dreamliner, is manufactured at a nonunion factory in South Carolina.
As machinists cast their ballots, Boeing reported a massive third-quarter loss of more than $6 billion, with the airplane manufacturer hit by the five-week-old strike and charges tied to its commercial aircraft and defense programs.
Boeing is struggling to right itself after manufacturing troubles and multiple federal investigations after an in-air panel blowout in January.
In August, the company brought in Kelly Ortberg, a seasoned aerospace executive, as its new CEO with the mandate to right Boeing’s safety and manufacturing issues. Ortberg, who earlier this month announced job cuts of 10% of the company’s workforce, or 17,000 employees, on Wednesday wrote in prepared remarks he delivered to investors Wednesday that Boeing is “at a crossroads.”
“The trust in our company has eroded,” he wrote. “We’ve had serious lapses in our performance across the company which have disappointed many of our customers.”
Watch CBS News
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.
