Scammers ramp up their efforts during Prime Day, using tactics like phishing emails, fake websites, and fraudulent order confirmations to steal personal and financial information.
Key red flags include suspicious domain names, urgent or emotional language, unofficial sender addresses, and poor formatting—all signs that a message or site may be a scam.
Experts recommend using a cautious, “Zero Trust” approach, verifying sites before clicking, keeping devices updated, enabling two-factor authentication, and going directly to Amazon’s website rather than clicking links.
Amazon’s Prime Day is the perfect time for shoppers to score big savings on everything – electronics, kitchen essentials, baby items, clothes, toys, and more.
However, in addition to the sales, it’s also the perfect time for scammers to take advantage of vulnerable consumers looking for deals.
To help spot these scams – and avoid them – ConsumerAffairs interviewed Darren Williams, Founder and CEO at BlackFog, and Dave Meister, Global Channel Leader at the Office of the CTO, at Check Point.
What are the biggest scams associated with Prime Day?
Meister explained that scammers’ main goal during Prime Day is to steal consumers’ personal information and payment details. He broke down some of the most popular scams that happen during Prime Day:
Phishing emails
SMS phishing (SMiShing)
Fake login pages
Fraudulent order confirmations
“Amazon Prime Day is a goldmine for cybercriminals,” Williams explained. “The surge in promotional emails, limited-time offers, and high-volume online activity creates ideal conditions for phishing, malware delivery, and fraudulent transactions.
“What often begins as a simple consumer scam – like a fake delivery notification or a spoofed Amazon deal – can quickly escalate into credential theft and data exfiltration that puts entire enterprises at risk.”
How to spot scams
Meister shared his best tips for identifying scams during Prime Day.
“Spotting Prime Day scams starts with slowing down and looking closely at the details,” he said. “Bad actors rely on urgency, distraction and emotion to get people to click before thinking. Here are a few red flags every shopper should watch for:
Check the domain name carefully: Anything other than amazon.com should raise suspicions. Scammers often create lookalike sites—like amazon-2025[.]top or amazon02atonline51[.]online—that appear legitimate at first glance but are designed to steal your login credentials or payment info.
Be wary of urgent or emotionally charged language: Subject lines like “Refund Due – System Error” or “Account Suspended” are classic phishing tactics meant to panic users into clicking a malicious link. Legitimate companies like Amazon won’t demand immediate action via sketchy links.
Scrutinize the sender’s email address: A real Amazon email will always come from an official @amazon.com domain—not something like support-amazon-check[.]com.
Hover over all links before clicking: On desktop, hovering over a link will show the destination URL. If it looks off or doesn’t clearly lead to amazon.com, don’t click.
Don't follow a link: Rather than following a link, go directly to the Amazon website, app or Google Prime Days to find the real website, bypassing any possible phishing links.
Look for poor grammar, odd formatting, or blurry logos: These are telltale signs of a hastily thrown-together scam site or message.
Trust your instincts: If a deal or message seems off—like winning a giveaway you never entered—it probably is.
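The domain, sender-address and link-destination checks above can be expressed as one exact host comparison. The following is an added example, not code from ConsumerAffairs, Check Point or Amazon; the function names, the sender local parts and the `.example` host are constructed for illustration, and amazon.com is treated as the only trusted domain because that is what the article states.

```python
from urllib.parse import urlsplit

# Assumption taken from the article: only amazon.com is trusted.
TRUSTED_DOMAIN = "amazon.com"

def refang(text):
    """Undo the [.] defanging used when indicators are written down."""
    return text.replace("[.]", ".").strip().strip("<>")

def host_of(value):
    """Return the lowercase host of a URL, bare domain, or email address."""
    value = refang(value)
    if "://" not in value and "@" in value:
        # Email address: the domain is everything after the last '@'.
        host = value.rsplit("@", 1)[1]
    else:
        if "://" not in value:
            value = "https://" + value
        try:
            host = urlsplit(value).hostname or ""
        except ValueError:
            host = ""  # unparseable input fails closed
    return host.lower().rstrip(".")

def naive_check(value):
    """Weak check: passes anything that merely mentions the brand."""
    return "amazon" in value.lower()

def is_trusted(value):
    """Strict check: host is amazon.com itself or a subdomain of it."""
    host = host_of(value)
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

# Lookalikes quoted in the article plus constructed samples.
SAMPLES = [
    "https://www.amazon.com/gp/css/order-history",  # constructed path
    "auto-confirm@amazon.com",                      # constructed sender
    "amazon-2025[.]top",                            # from the article
    "amazon02atonline51[.]online",                  # from the article
    "alerts@support-amazon-check[.]com",            # domain from the article
    "amazon.com.account-check.example",             # constructed host
]

def review(values):
    """Map each value to (naive result, strict result) for comparison."""
    return {v: (naive_check(v), is_trusted(v)) for v in values}

if __name__ == "__main__":
    for value, (naive, strict) in review(SAMPLES).items():
        print(f"{value:48} naive={naive!s:5} strict={strict}")
```

Every sample passes the naive brand-name check, while only the first two pass the strict host comparison. A matching sender domain is a string check only and does not prove who sent the message.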
Avoid falling for Prime Day scams
Williams encourages consumers to be vigilant during Prime Day and to always verify the legitimacy of websites and apps before downloading or purchasing.
“Keeping devices up to date and ensuring that security tools are active is essential, but so is awareness,” he said. “Understanding how social engineering works – and how cybercriminals use urgency and distraction to trick users – is one of the best defenses. A Zero Trust mindset and attention to detail can go a long way in staying safe.
“Another trick that is often used is to request validation of your login credentials. Amazon will never do this and will never ask for your personal information. Additionally, it is really important that you have two-factor authentication enabled. This will ensure that attackers cannot easily gain access to your account.”
