1000+ New Fake Domains Mimic Amazon Prime Day Registered to Hunt Online Shoppers

As Amazon Prime Day 2025 approaches on July 8-11, millions of eager shoppers are preparing their wish lists and hunting for the best deals.

However, cybercriminals are equally prepared, having registered over 1,000 new fake domains resembling Amazon in June alone.

Alarmingly, 87% of these domains have already been flagged as malicious or suspicious, with one in every 81 risky domains containing the phrase “Amazon Prime“.

The scale of the threat is even more staggering when considering broader research findings. Security experts at NordVPN have uncovered over 120,000 malicious websites impersonating Amazon in the past two months.

This massive network includes 92,000 phishing sites designed to steal login credentials, 21,000 malware distribution sites, and 11,000 fake goods sites.

The Perfect Storm for Cybercriminals

Amazon Prime Day has become a magnet for online fraud due to its massive scale and the urgency it creates among shoppers.

This year’s event is particularly attractive to criminals as Amazon has extended Prime Day to four days instead of the traditional two, giving scammers an additional 48 hours to exploit unsuspecting consumers.

The numbers tell a disturbing story: Amazon reported an 80% increase in impersonation scams during Prime Day 2024 compared to the previous year.

These attacks range from fake calls and phishing emails to malicious links and spoofed websites, all designed to trick shoppers into revealing sensitive account information or making fraudulent payments.

Cybercriminals employ two primary tactics to exploit Prime Day shoppers:

Fake domains: Websites designed to imitate Amazon’s login or checkout pages. Examples include domains like Amazon02atonline51[.]online, which targets German customers by mimicking Amazon’s sign-in page, and amazon-2025[.]top, which mimics Amazon’s login page to collect user credentials.

Phishing emails: Messages crafted to create urgency with subject lines like “Refund Due – Amazon System Error” or “Account Issues”. These emails feature spoofed sender addresses that appear to come from Amazon, tricking recipients into clicking malicious links.

Real-World Attack Examples

Check Point Research recently intercepted a sophisticated phishing campaign that demonstrates how these scams operate.

The attack featured an email with the subject line “Refund Due – Amazon System Error” where the sender’s address was spoofed to appear as if it came from Amazon.

The email directed recipients to “update their address” via a link that led to a fraudulent Amazon login page designed to harvest credentials.

Another common tactic involves fake product recall notifications sent via text message, claiming that a purchased item has been recalled due to quality concerns.

These messages include fake order numbers and urge recipients to click links to process refunds or view safety instructions.

The objectives of Amazon scammers are evolving beyond simple credential theft. Recent data indicates a shift toward tricking customers into making unauthorized payments, which rose from 28% in April to 38% currently.

This change makes these attacks particularly dangerous as they can result in immediate financial losses.

The sophistication of these attacks has also increased dramatically. Generative AI now helps fraudsters craft delivery notices that sound personal and urgent, eliminating the spelling mistakes and awkward phrasing that once made fake emails easy to identify.

This technological advancement makes it increasingly difficult for even security-conscious users to distinguish legitimate communications from scams.

Protecting Yourself During Prime Day

With Prime Day just days away, cybersecurity experts recommend several critical safety measures:

Verification and Authentication

• Always verify URLs before entering personal information. Look for extra characters, odd domain endings (like .top or .online), or hyphenated brand names.
• Avoid clicking email links claiming to be from Amazon. Instead, open your browser and navigate directly to www.amazon.com or use the official Amazon app.
• Check for HTTPS and the padlock icon in your browser’s address bar, though remember that some malicious sites can fake this.

Account Security

• Enable two-factor authentication on your Amazon account to reduce the risk of account takeover.
• Use strong, unique passwords and consider a password manager to generate and store them securely.
• Monitor your financial accounts regularly for unauthorized transactions.

Shopping Safely

• Shop only on Amazon’s official website or app to minimize exposure to fraudulent sellers.
• Be skeptical of deals that seem too good to be true, especially from unfamiliar sellers.
• Use credit cards instead of debit cards when possible, as they offer better fraud protection.
• Never provide sensitive information over the phone to anyone claiming to be from Amazon.

Recognizing Red Flags

• Watch for urgency tactics that pressure you to act immediately, such as “Your account will be suspended unless you act now”.
• Be suspicious of generic greetings like “Dear Customer” instead of your actual name.
• Question unexpected refund notifications or claims about orders you didn’t place.

The Amazon Prime Day scam phenomenon reflects a larger trend in cybercrime.

According to the U.S. Federal Trade Commission, business impersonation scams ranked among the top fraud complaints in 2023, with more than 330,000 reports accounting for almost half of all fraud complaints and resulting in over $1.1 billion in losses.

During Amazon’s Big Spring Sale in March 2025, cybersecurity researchers observed dramatic increases in malicious activity: malware websites surged by 1,661%, phishing sites by 1,249%, and scam websites by 8,325% compared to the previous week.

These statistics suggest that the threat during Prime Day 2025 could be even more severe.

Amazon has acknowledged the growing threat and is taking proactive measures to protect customers. The company has issued urgent security warnings and provides guidance on recognizing and avoiding scams.

Amazon representatives emphasize that the company will never call customers about suspicious account activity or request sensitive information over the phone.

The retail giant has also enhanced its security infrastructure and works closely with cybersecurity firms to identify and shut down fraudulent websites.

However, the sheer scale of the threat, with thousands of new malicious domains being registered daily, makes this an ongoing challenge.

As Prime Day 2025 approaches, the message is clear: awareness and vigilance are your best defenses against increasingly sophisticated cyber threats.

While the deals may be tempting, taking a moment to verify the legitimacy of communications and websites can save you from becoming the next victim of these elaborate scams.

The cybersecurity community’s recommendation is simple: plan your purchases in advance, go directly to Amazon’s official website or app, and never click links in emails claiming to be from Amazon.

By following these guidelines and staying alert to the warning signs, shoppers can enjoy Prime Day’s legitimate deals while avoiding the traps set by cybercriminals.

Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now