With Amazon’s annual Prime Day sales event confirmed to run from Tuesday, July 8th, to Friday, July 11th, this year, bargain hunters aren’t the only ones preparing. Cybersecurity experts are warning of a dramatic surge in scams, with thousands of fake websites and phishing emails designed to ensnare unsuspecting shoppers.
Research from cybersecurity firm Check Point has revealed an alarming trend. In June alone, over 1,000 new web domains were registered to mimic the official Amazon site. A staggering 87% of these were flagged as either malicious or suspicious. Scammers are clearly hoping to capitalise on the shopping frenzy, with 1 in every 81 of these risky domains containing the phrase “Amazon Prime” to appear more legitimate.
Amazon itself has acknowledged an increase in customers reporting fraudulent emails concerning Prime membership subscriptions. These messages often look convincing and may even contain personal information about the recipient, likely scraped from other data breaches, to enhance their credibility.
A common tactic involves an email claiming your Prime subscription is renewing at an unexpectedly high price. It will often feature a prominent “Cancel Subscription” or “Verify Your Account” button. However, clicking these links leads not to Amazon, but to a sophisticated fake login page designed to harvest your credentials and, ultimately, your banking information.
Omer Dembinsky, Group Manager of Research & Threat Intelligence at Check Point Software Technologies, told the press:
Cyber threats around Prime Day are no accident; they’re calculated, large-scale campaigns designed to exploit consumer behavior. Awareness and prevention are powerful defences. With the right tools and habits, shoppers can enjoy the deals without falling for the bait.”
Know Your Enemy: Common Prime Day Scams
While fake renewal emails are prevalent, they are just one tool in the scammers’ arsenal. Other methods seen in the wild include:
- Fake Refund Alerts: Emails or texts claiming a “Refund Error” has occurred, prompting you to log in via a malicious link to fix it.
- Vishing (Voice Phishing): Phone calls from individuals pretending to be Amazon staff, alleging fraudulent activity on your account. They may try to trick you into providing personal details or even installing remote access software on your computer.
- Social Media Impersonation: Fake customer service accounts on platforms like X (formerly Twitter) that respond to public complaints, offering “help” via direct messages that lead to phishing sites.
- Bogus Deals: Links shared via email or social media that promise unbelievable discounts on high-demand items. If a deal looks too good to be true, it almost certainly is.
As Geek Native has reported before, such as during the scare around bad passwords, vigilance is the best defence against digital threats.
How to Protect Your Account
Official advice from Amazon and cybersecurity bodies, such as the UK’s National Cyber Security Centre (NCSC), is clear and consistent.
First and foremost, always go directly to the source. If you receive a suspicious email or text, do not click any links. Instead, open your browser and type amazon.co.uk directly into the address bar, or use the official Amazon mobile app. You can verify any legitimate messages from Amazon by navigating to ‘Your Account’ and then ‘Message Centre’. If the communication you received isn’t there, it’s a fake.
Here are some other best practices:
- Enable Two-Step Verification (2SV): This is one of the most effective ways to secure your account. It adds a second layer of security, meaning that even if a scammer steals your password, they won’t be able to access your account without the second verification code sent to your phone or authenticator app. You can enable this in the ‘Login & Security‘ section of your Amazon account.
- Inspect the Sender’s Address: Examine the sender’s email address carefully. While they can be spoofed, they often contain subtle errors or use a non-Amazon domain like
amazon-deals.topor a generic provider like@gmail.com. Legitimate emails from Amazon typically end with@amazon.co.uk. - Be Wary of Urgency: Scammers often use language designed to create panic, such as “your account will be suspended” or “unauthorised purchase detected.” This is a tactic to rush you into making a mistake. Pause and think before you click.
- Use Secure Payment Methods: When shopping online, using a credit card offers greater protection than a debit card. Under Section 75 of the Consumer Credit Act, for purchases over £100, your card provider is jointly liable if something goes wrong.
If the Worst Happens
If you think you have clicked on a suspicious link or entered your details on a fake site, act quickly.
- Change Your Password: Immediately change your Amazon password and the passwords for any other sites where you use the same or similar credentials.
- Contact Your Bank: Inform your bank or credit card provider about the potential breach. They can monitor for fraudulent activity and block your card if necessary.
- Report It: You should report the scam. Forward suspicious emails to the NCSC’s Suspicious Email Reporting Service (SERS) at
[email protected]. You can report scams to Action Fraud in England, Wales and Northern Ireland, or Police Scotland in Scotland. You should also report the issue directly to Amazon via itsamazon.co.uk/reportascampage to help them take down the fraudulent sites.
Photo by Marcus Winkler.
