Amazon’s Fall Prime Day not only kicks off the holiday shopping season with deals too good to ignore, it also creates one of the biggest opportunities of the year for cyber criminals. As millions of consumers flock online for deals, attackers launch phishing scams, fake domains, and malicious emails designed to steal Amazon credentials and payment information.

Check Point Research has uncovered a surge in Amazon Prime Day scams this September, showing how attackers continue to weaponize urgency and trust.

Amazon Prime Day Scams 2025: Malicious Domains on the Rise

During the first three weeks of September 2025, a total of 727 new Amazon-related domains were registered. Out of these:

  • 1 in every 18 domains was flagged as malicious or suspicious.
  • 1 in every 36 domains specifically contained the phrase “Amazon Prime.”

This surge in registrations demonstrates how attackers exploit popular events to create fake websites that closely resemble Amazon’s legitimate platforms, deceiving users into sharing their sensitive information.

Real-World Examples of Phishing Attacks Exploiting Amazon Prime
  1. “Payment Not Authorized” Email Scam
  • Target: Amazon Prime users in Brazil.
  • Tactic: Victims received emails in Brazilian Portuguese claiming their Prime payment was not authorized.
  • Trigger: Clicking “Atualizar Agora” (“Update Now”) led to a fake Amazon login site:

http://45[.]94[.]58[.]75/br-pt/prime/

  • Goal: Steal Amazon account credentials.

Figure 1: the email message sent as part of the phishing campaign

Figure 2: the phishing website mimics Amazon’s login page, displayed after clicking the button in the phishing email

  1. “Subscription on Hold” PDF Scam
  • Delivery: PDF attachment titled “Important: Amazon Prime Membership on Hold”.
  • Claim: The victim’s subscription was frozen due to a credit card issue.
  • Trigger: A link inside the PDF directed to a malicious payment portal.
  • Goal: Harvest credit card information under the guise of restoring Prime benefits.

These Amazon Prime phishing scams are engineered to create fear and urgency, pressuring victims into acting immediately.

Figure 3: the phishing PDF impersonating Amazon Prime, warning the user about a credit card issue and urging immediate action to avoid cancellation

Figure 3: the phishing PDF impersonating Amazon Prime, warning the user about a credit card issue and urging immediate action to avoid cancellation

Check Point Recommendations: How to Stay Safe on Amazon Prime Day 2025

To avoid Amazon Prime fraud and phishing scams this Prime Day:

  • Double-check domains: Only trust official sites like amazon.com.
  • Avoid email/PDF links: Go directly to Amazon via your browser.
  • Enable multi-factor authentication (MFA) on your Amazon account.
  • Use layered protection: Comprehensive security across email, browsers, endpoints, mobile devices, and networks helps lower the risk before threats reach you.
  • Look closely at content: Scrutinize URLs, attachments, and text in unexpected emails or messages for signs of phishing.
  • Stay adaptive: Cyber threats evolve quickly. Update your security tools regularly so they can respond to new tactics.

While defensive habits (like scrutinizing links) are crucial for individual users, organizations need robust, integrated protection across all attack surfaces. This is where Check Point Harmony comes in. Harmony secures users, devices, and access across hybrid work environments – which is crucial for employees who may be shopping at work. Harmony enables organizations to shift from reactive defenses to proactive prevention, significantly reducing the success rate of phishing attacks and malicious domains like those targeting Prime Day.

Conclusion

Amazon Prime Day 2025 brings deals, but also danger. Cyber criminals are launching phishing campaigns and fake domains to trick shoppers. By staying alert, following best practices, and verifying every link or email before clicking, you can reduce your risk and enjoy shopping safely during Amazon Prime Day 2025.

For enterprises, combining user-level best practices with a full-stack solution like Check Point Harmony helps ensure that phishing campaigns, malicious downloads, and zero-day attacks are blocked before they ever reach end users.

You may also like