Overview
- Amazon emailed 220 million Prime members on July 17–18 to warn of a surge in fake membership messages and calls designed to steal credentials
- Scammers impersonate Amazon via email, phone, text or social media by creating false urgency and fake ‘cancel subscription’ links that lead to credential-theft pages
- Security researchers uncovered more than 120,000 counterfeit Amazon domains set up before Prime Day to facilitate these phishing schemes
- Amazon’s guidance urges users to verify account status in the official app or at amazon.co.uk, enable two-step verification and check the Message Center before clicking links
- A new partnership with the Better Business Bureau gives customers access to a searchable scam database for reporting and researching suspicious Amazon-related attacks