
As Amazon Prime Day 2025 approaches on July 8th, cybersecurity experts are advising caution due to a surge in phishing attacks targeting shoppers. Omer Dembinsky, Group Manager, Research & Threat Intelligence at Check Point Software Technologies, noted that over 1,000 new domains resembling Amazon appeared online in June alone, with 87% of these flagged as malicious or suspicious. A significant number of these risky domains, specifically one in every 81, incorporate the term “Amazon Prime”.
High-volume shopping events like Prime Day attract online fraud, with cybercriminals employing tactics such as fake domains and phishing emails. Fake domains are designed to imitate Amazon’s login or checkout pages to steal credentials and personal information, potentially leading to unauthorised purchases, identity theft, or gift card abuse. An example cited is “Amazon02atonline51[.]online,” a fraudulent site mimicking the Amazon Sign-in page to target German customers. Another fraudulent domain, “amazon-2025[.]top,” also mimics Amazon’s login page to collect user credentials.
Phishing emails are crafted to create urgency, often referencing “refund errors” or “account issues,” to lure victims into clicking malicious links. Check Point Research recently intercepted a campaign that used the subject line “Refund Due – Amazon System Error” and spoofed the sender’s email to appear as Amazon. This email prompted recipients to click a link to “update their address,” which led to a fraudulent Amazon login page designed to harvest user credentials.
To mitigate risks, shoppers are advised to verify URLs for extra characters, unusual domain endings, or hyphenated brand names. It is recommended to avoid clicking links in emails related to Amazon accounts and instead navigate directly to www.amazon.com or use the official Amazon app. Shoppers should also ensure websites use HTTPS and display a padlock icon, though vigilance is still necessary as some malicious sites may fake these indicators.
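The URL checks described above (extra characters, unusual domain endings, hyphenated brand names) can be automated for mail-gateway or proxy-log triage. The following Python sketch is an added example, not code from Check Point or from this article; the function names, the allowlist of official domains and the list of unusual endings are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

BRAND = "amazon"
# Assumption: registrable domains treated as genuine; extend for your region.
OFFICIAL = {"amazon.com", "amazon.de"}
# Assumption: endings treated as unusual, taken from the article's two examples.
UNUSUAL_ENDINGS = {"top", "online"}

def hostname(indicator):
    """Return the lowercase host of a URL or bare domain; accepts defanged '[.]'."""
    text = indicator.replace("[.]", ".").strip()
    if "://" not in text:
        text = "//" + text          # let urlsplit treat a bare domain as a host
    return (urlsplit(text).hostname or "").rstrip(".")

def lookalike_reasons(indicator):
    """List the reasons a host looks like a brand imitation; empty if none."""
    host = hostname(indicator)
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return []                   # genuine domain or one of its subdomains
    if BRAND not in host:
        return []                   # brand is not used in the hostname at all
    reasons = ["brand name outside an official domain"]
    labels = host.split(".")
    if labels[-1] in UNUSUAL_ENDINGS:
        reasons.append("unusual domain ending")
    branded = [label for label in labels if BRAND in label]
    if any("-" in label for label in branded):
        reasons.append("hyphenated brand name")
    # Anything left in a label once the brand and hyphens are removed is padding.
    if any(label.replace(BRAND, "").strip("-") for label in branded):
        reasons.append("extra characters around brand")
    return reasons

if __name__ == "__main__":
    samples = [
        "Amazon02atonline51[.]online",                      # from the article
        "amazon-2025[.]top",                                # from the article
        "https://www.amazon.com/",                          # official site
        "https://amazon.com.account-update.example/signin", # constructed sample
    ]
    for sample in samples:
        print(sample, "->", lookalike_reasons(sample) or "no flags")
```

These heuristics produce triage hints rather than verdicts: a flagged host still needs review, and an unflagged one is not thereby proven safe.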
Using strong, unique passwords and enabling two-factor authentication is encouraged to prevent account takeovers. Consumers should be wary of messages that create a sense of urgency or pressure, or offers that appear to be unrealistic. Utilising secure and traceable payment methods like virtual credit cards or payment apps is also suggested to add layers of protection.