Cybercriminals are tapping into Amazon’s annual discount shopping day for subscribers, Prime Day. Bolster Research issued a warning of a substantive spike in phishing and malicious websites that are fraudulently using Amazon’s name and logo.
The research shows that hackers and cyber criminals take advantage of both Amazon features and consumer behaviors to try to lure online shoppers to fraudulent sites that can steal their credentials, financial information and other sensitive data.
Prime Day is October 13 & 14
One particularly innovative effort targets “returns” or “order cancellations” related to Prime Day using a fraudulent site that mimics a legitimate Amazon site. However, closer examination of the site shows it is clearly designed to defraud consumers.
The form on the site requests bank or credit card information from customers, which is a clear intent to steal this information, since Amazon always offers refunds to original form of payment or gift cards. Further, the site also does not ask for a customer password, something Amazon always requires for purchases and returns.
Another malicious site recently observed by researchers takes advantage of most consumers’ inherent love of a free gift. This site promotes an Amazon loyalty program and offers a free iPhone 11 Pro if people answer survey questions. After answering these questions, people are directed to a simple game that they win, after which they’re asked to enter credit card info so the site can charge them $1 to receive the iPhone.
Fortunately for Amazon Prime customers who plan to take advantage of the event this year, or anyone else shopping Amazon, avoiding online fraud is not that difficult. All shoppers should start directly at the source i.e. Amazon.com and pay close attention to their experience to ensure that nothing is out of the ordinary. However, as well all know, consumers paying close attention is easier said than done.
The onus falls on Amazon as well to do its best to secure transactions and prevent fraud. In fact, online retailers in general should get out ahead of the holiday season by making their platform cyber criminal proof environment. Though there may be not much Amazon can do if someone hands over their credit card information to a third party, Amazon can certainly increase their efforts to protect user data, secure purchase information and ensure payment security. Efforts to keep a data perimeter or identify users are simply not good enough.
What Amazon needs is a better approach to data security. Perimeter products that try to keep hackers out will all eventually be breached. Fanaticism on identification through bio-metrics, password managers or 2FA are only as secure as the person entrusted to follow the protocol. As we all have learned, the human error component can always be breached. In the near future, when quantum computing becomes more mainstream, products that rely on TLS-based encryption will be instantly obsolete.
The only solution is for data security products that can actually protect your data itself.
BLAKFX has delivered. The Helix22 data security SDK protects all data at rest, in use and in transit.
Our Motto: In Math We Trust
Helix22 delivers all this security assurance very confidently due to our genius engineering team that has invented a new model for data security that required an innovative look at the problem. As mentioned, the approach we took was to protect the data itself. Almost all other data security products try to build a perimeter or being fanatic on user identification. However, once the product is breached or a password is stolen, your firm/nations data is in the clear.
You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented process of DNA BindingTM. Therefore, even if a breach were to occur the data cannot be exfiltrated. This means that all your firm/nations data is 100% protected regardless of the type of attack. Further, Helix22 protects data at rest, in use and in transit. No other data security can make that claim. Artificial Intelligence and Machine Learning experimentation runs and generates incalculable amounts of data. All is protected at its inception.
We can make this claim as the tech engineers at BLAKFX invented and patented a genuine user2user (U2U) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when the app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. Signal and Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity at all for any data leak.
This same protocol just described, can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all firms involved be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.
Let’s take it a step further. Even if Amazon were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
One final practical genius of DNA BindingTM is in that it is immediately compatible with whichever system or software you are utilizing. Therefore, any organization can forward information to another and then discuss it and there is immediate privacy.
BLAKFX is Based on Success
Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then.
Finally, the Helix22 encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.
We like to refer to Helix22 as “22nd Century Data Security.”