Amazon’s Fall Prime Day not only kicks off the holiday shopping season with deals too good to ignore, but it also creates one of the biggest opportunities for cyber criminals. As millions of consumers flock online for deals, attackers launch phishing scams, fake domains, and malicious emails designed to steal Amazon credentials and payment information.
Check Point Research has uncovered a surge in Amazon Prime
Day scams this September, showing how attackers continue to weaponize urgency
and trust.
Amazon Prime Day Scams 2025: Malicious Domains on the Rise
During the first three weeks of September 2025, a total of
727 new Amazon-related domains were registered. Out of these:
1 in every 18 domains was flagged as malicious or
suspicious.
1 in every 36 domains specifically contained the phrase
“Amazon Prime.”
This surge in registrations demonstrates how attackers
exploit popular events to create fake websites that closely resemble Amazon’s
legitimate platforms, deceiving users into sharing their sensitive information.
Real-World Examples of Phishing Attacks Exploiting Amazon
Prime
“Payment Not Authorized” Email Scam
Target: Amazon Prime users in Brazil.
Tactic: Victims received emails in Brazilian Portuguese
claiming their Prime payment was not authorized.
Trigger: Clicking “Atualizar Agora” (“Update Now”) led to a fake Amazon login site:
.jpg)
No comments:
Post a Comment