Posted by: Aubrey Felix on July 10, 2024 at 8:21 am
There is a lot of excitement around Amazon Prime Day; it’s one of the busiest shopping days of the year. “In 2023, Prime Day sales reached an estimated 12 billion U.S. dollars worldwide, making it the most successful shopping occasion in Amazon’s history,” according to Statista. It’s one of the best days to find deals on the things you love or have had on your wishlist for months. With so many people flocking to Amazon to make their purchases, it’s no wonder that scammers are making the most of Prime Day. This is why you need to stay vigilant about fake Google Ads for Amazon Prime.
A Close Call with a Fake Amazon Google Ad
Just recently, I was on the phone with a friend while they were online shopping. Like we all do, they typed “Amazon” in Google and clicked the first sponsored Google ad that popped up. Immediately I could hear the sound come through the phone: “Warning! Warning! Your computer has been compromised”, all with alarm sounds blaring. Thankfully we knew not to click on any of the pop-ups and to exit the site immediately. But for some people, that’s not the case. They click the “Help” links provided and end up downloading malware or something worse. So how does something like this happen? One way is homograph scams.
Understanding Homograph Phishing Scams
Homograph phishing scams exploit the visual similarity between characters from different alphabets to deceive users. In these scams, attackers use characters from the Cyrillic alphabet (or other non-Latin scripts) that look nearly identical to Latin characters.
For example, the Cyrillic ‘а’ (U+0430) looks very similar to the Latin ‘a’ (U+0061). Attackers can replace the ‘a’ in “amazon.com” with the Cyrillic ‘а’, creating a fake domain like “аmazon.com”. To most users, this domain appears identical to the legitimate “amazon.com”, making it easier to trick them into visiting a malicious site.
These scams rely on users not noticing the subtle differences in characters, leading them to believe they are on a trusted website when, in fact, they are on a phishing site designed to steal sensitive information, like login credentials or financial details.
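The character substitution described above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it converts a hostname to its ASCII (Punycode) form and flags any label that mixes scripts, such as Cyrillic ‘а’ among Latin letters. The function names and the name-based script heuristic are assumptions of this example; Unicode UTS #39 script data is the rigorous source.

```python
import unicodedata

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name.
    Assumption of this example; UTS #39 script data is the rigorous source."""
    if ch.isascii() and (ch.isdigit() or ch == "-"):
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def check_hostname(hostname):
    """Report the ASCII (Punycode) form and any label that mixes scripts."""
    host = hostname.lower().rstrip(".")
    report = {
        "ascii_form": host.encode("idna").decode("ascii"),
        "has_non_ascii": not host.isascii(),
        "mixed_script_labels": [],
    }
    for label in host.split("."):
        scripts = sorted({script_of(c) for c in label} - {"COMMON"})
        if len(scripts) > 1:
            report["mixed_script_labels"].append({
                "label": label,
                "scripts": scripts,
                "non_ascii": [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                              for c in label if not c.isascii()],
            })
    return report

# Constructed sample hostnames; \u0430 is the Cyrillic letter from the text.
SAMPLES = ["amazon.com", "\u0430mazon.com", "m\u00fcnchen.example"]

if __name__ == "__main__":
    for name in SAMPLES:
        r = check_hostname(name)
        verdict = "MIXED SCRIPT" if r["mixed_script_labels"] else "ok"
        print(f"{r['ascii_form']:<28} {verdict}")
        for hit in r["mixed_script_labels"]:
            print("   ", hit["scripts"], hit["non_ascii"])
```

The `xn--` form is what is actually registered in DNS, so seeing it where a familiar brand name is expected is a signal to stop and type the address by hand.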
A homograph phishing scam can occur with a Google Sponsored Ad in the following way:
- Creation of Fake Domain: The attacker registers a domain that uses homograph characters, such as “аmazon.com” (where the ‘a’ is the Cyrillic ‘а’).
- Setup of Malicious Website: The attacker sets up a website on this domain that looks very similar to the legitimate site. This site might mimic the appearance of the real Amazon site to trick users into entering their login details or other sensitive information.
- Google Ads Campaign: The attacker creates a Google Ads campaign and bids on keywords related to the legitimate site, such as “Amazon,” “buy Amazon products,” etc. They use the homograph domain as the display URL in the ad.
- Ad Approval and Display: If the ad passes Google’s review process, it will be displayed to users who search for the related keywords. The display URL might look like “amazon.com” due to the visual similarity of the homograph characters.
- User Clicks on Ad: Unsuspecting users see the ad and click on it, believing it to be a legitimate link to the Amazon website.
- Phishing Attack: Once on the fake site, users might be prompted to log in or enter personal information, which is then captured by the attacker.
Protect Yourself from Fake Google Ads on Amazon Prime Day
Protect yourself by always double-checking URLs, even in sponsored ads, and looking for signs of phishing such as minor inconsistencies in the domain name. And to give some peace of mind, Google does have some measures in place to detect and prevent malicious ads. But you still need to remain vigilant. Besides checking URLs, enable two-factor authentication (2FA) on your Amazon account. This adds an extra layer of security and makes it harder for scammers to gain access even if they get your password. Also, keep your antivirus software updated and run regular scans to catch any malicious software early.
Why Small Business Owners Should Be Concerned
Small business owners should be particularly worried about these scams. Let’s be real, employees often shop online at work, especially during major sales events like Amazon Prime Day. If an employee falls for a phishing scam, it could compromise not only their personal information but also the security of the company’s network. A single click on a malicious link could lead to malware infecting the entire system, potentially resulting in data breaches, financial loss, and damage to the company’s reputation.
Final Thoughts
Amazon Prime Day should be all about enjoying great deals, not worrying about scams. By staying alert and following these tips, you can protect yourself from homograph phishing scams and other online threats. Remember, a little caution goes a long way in ensuring a safe and enjoyable shopping experience. Stay safe this Amazon Prime Day, and stay away from fake Google Ads. Always double-check the links before clicking. Happy shopping! (But hopefully not too much at work)
For more information about how TAZ Networks can help your business, contact us today.