Overview

• Amazon emailed 220 million Prime members on July 17–18 to warn of a surge in fake membership messages and calls designed to steal credentials
• Scammers impersonate Amazon via email, phone, text or social media by creating false urgency and fake ‘cancel subscription’ links that lead to credential-theft pages
• Security researchers uncovered more than 120,000 counterfeit Amazon domains set up before Prime Day to facilitate these phishing schemes
• Amazon’s guidance urges users to verify account status in the official app or at amazon.co.uk, enable two-step verification and check the Message Center before clicking links
• A new partnership with the Better Business Bureau gives customers access to a searchable scam database for reporting and researching suspicious Amazon-related attacks