Cybercriminals register hundreds of fake Amazon websites ahead of Prime Day

As Amazon Prime Day approaches, cybercriminals are getting ready too, but not to shop. Security researchers have spotted hundreds of fake websites that are being registered to look like official Amazon domains. Most of these sites are designed to scam people looking for deals during the mega sale.

According to Check Point Research, over 1,230 new domains with names related to Amazon or Prime Day have been registered recently. Many of these use slight spelling changes, like “amaz0n” instead of “amazon”, or they add extra words like “prime-deals” to trick users into thinking they’re real. Out of all these newly created domains, about 87% were marked as risky, either suspicious or outright malicious.

These domains aren’t just sitting there. Cybercriminals are actively using them in phishing campaigns. People are receiving fake emails that pretend to come from Amazon, warning them about fake issues like “account suspension” or “refund errors.” These emails usually contain links that lead to fake Amazon login pages. If someone enters their username, password, or payment info on these sites, the hackers steal it immediately.

In some cases, the fake sites don’t just steal login details, they go a step further. When users click certain buttons or banners, the website installs malware or redirects them to harmful pages. This malware can do a lot of damage, including spying on users, stealing more data, or even making unauthorized purchases on their behalf.

Check Point also mentioned that in just one week, around 1,146 new suspicious domains were registered. The scammers clearly planned this in advance, knowing that many users would start searching for deals as Prime Day got closer. Since people tend to shop quickly during sales, they’re more likely to miss small red flags in URLs or ignore strange-looking websites.

Security experts are advising everyone to be extremely careful. The safest way to shop is to type “amazon.com” directly into your browser or use the official Amazon app. You should never click on links in emails, even if the message looks convincing. Always check the URL closely, if it has strange spellings or ends with unfamiliar extensions like .top or .online, it’s probably fake.

Another smart move is to enable two-factor authentication (2FA) on your Amazon account. That way, even if someone gets your password, they won’t be able to log in without a second code. Also, try to use secure payment methods, like credit cards with fraud protection or digital wallets like Google Pay.

Amazon is aware of these scams and says their Brand Protection team is actively working to report and remove fake domains. They are also helping customers by blocking these sites through browser warnings and removing phishing attempts that mimic the company’s name.

But despite Amazon’s efforts, the number of fake sites keeps rising, and scammers are getting more creative. With so many domains being registered each week, it’s difficult to take them all down quickly. That’s why it’s more important than ever for users to stay cautious and be aware of what they click.

So, if you’re hunting for a great Prime Day deal, be extra careful. A single click on a fake site could cost you more than money, it could lead to your private data being stolen or your device getting infected. Scammers are counting on shoppers to let their guard down, especially during big sales like this.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news