Keep Your Eyes Peeled for Scams on Amazon Prime Day

Don't let your guard down while hunting for the best deals on Amazon Prime Day.

Amazon Prime Day has established itself as one of the biggest shopping days in the last decade. But security experts warn such events, known for unusually low prices, are not just a shopping bonanza for consumers but also for cybercriminals.

"Bad actors know that people are expecting unreasonably low prices on products, making the idea that if it's too good to be true, it probably isn't, far from their minds," Erich Kron, security awareness advocate with KnowBe4, told Lifewire over email. "[Scammers] will use this expectation and the excitement of great deals to try to lure people into falling for fake deals on fake websites, where they steal everything from your password to your credit card information."

Prime for Scams

Amazon Prime Day is among the biggest events of the year for online shoppers, perhaps second only to Black Friday and Cyber Monday. The two-day shopping event raked in over $6 billion in sales last year, and this year's event is expected to be in the same league. 

This is particularly worrying when seen in the context of a survey conducted by NordVPN, which said that 60% of the surveyed Americans indicated they are not able to confidently identify any Amazon scams or fraud. 

In the survey sent to Lifewire over email, Daniel Markuson, digital privacy expert at NordVPN, noted that there are lots of elaborate ways scammers use Amazon's name to grift people for sensitive data and money. 

Kim DeCarlis, CMO at PerimeterX, warned that cyber actors love to take advantage of consumers via phishing emails, often playing to their emotions. "These emails can appear to be coming from Amazon, when in fact they are sent to lure consumers into clicking on malware-laced links," DeCarlis told Lifewire over email.

This is why Tim Helming, security evangelist with threat intelligence specialists DomainTools, advises people to always cast a skeptical eye on online ads or emails touting extreme deals. "These may, in fact, be genuine, but it's worth taking a bit of time to be sure," Helming told Lifewire via email.

Their advice comes in light of data from Check Point Research (CPR) that shows the volume of Amazon-related phishing emails has spiked by 37% compared to last year.

"If the deal seems unreasonably good, even on Prime Day, [people] should consider browsing to the Amazon website directly, then searching for the item from there," advised Kron. "If [people] have already logged into Amazon directly and a link they follow asks for a person to login again, they should be very cautious, ensuring the login page is really from Amazon."

DeCarlis suggests that people should make it a habit to hover over any link before clicking, and if the URL looks weird and doesn't include Amazon in it, it's probably best to trash the email.

Click With Caution

The extent scammers go to in order to trap people can be gauged from the fact that CPR's threat intelligence team identified almost 2,000 new domains linked in some regard to Amazon.

"We have seen countless examples of criminals looking to capitalize on the widespread attention garnered by online retail events such as Amazon Prime Day, with fraudulent domains and websites designed to lure unsuspecting shoppers," shared Helming.

A report from Juniper Research estimated that if current trends persist, the total losses to online payment fraud for merchants worldwide between 2023 and 2027 will top $343 billion.

One piece of advice all our experts offer is to always make online payments using credit cards instead of debit cards. They reason credit cards provide far greater protections and allow you to dispute unapproved charges and possibly even get your money back. 

DeCarlis says all kinds of cyberattacks these days are integrated and cyclical. She explains cyber criminals take advantage of the fact that people reuse passwords and often strive to validate user names and credentials on one site and then test them on another.

This is why she says the web attack cycle these days begins with a data breach on one site and ends up fueling credential stuffing attacks on numerous other sites, which in turn, leads to account takeovers and fraud.  

"To help put a stop to this, consumers should be sure to change passwords frequently," advised DeCarlis. "[And] when your transaction is complete, be sure to fully log out."