As Amazon Prime Day 2025 approaches on July 8-11, millions of eager shoppers are preparing their wish lists and hunting for the best deals. However, cybercriminals are equally prepared, having registered over 1,000 new fake domains resembling Amazon in June alone. Alarmingly, 87% of these domains have already been flagged as malicious or suspicious, with one in every 81 risky domains containing the phrase “Amazon Prime”. Examples include domains like Amazon02atonline51[.]online, which targets German customers by mimicking Amazon’s sign-in page, and amazon-2025[.]top, which mimics Amazon’s login page to collect user credentials.

Amazon Prime Day has become a magnet for online fraud due to its massive scale and the urgency it creates among shoppers. This year’s event is particularly attractive to criminals as Amazon has extended Prime Day to four days instead of the traditional two, giving scammers an additional 48 hours to exploit unsuspecting consumers. The numbers tell a disturbing story: Amazon reported an 80% increase in impersonation scams during Prime Day 2024 compared to the previous year. During Amazon’s Big Spring Sale in March 2025, cybersecurity researchers observed dramatic increases in malicious activity: malware websites surged by 1,661%, phishing sites by 1,249%, and scam websites by 8,325% compared to the previous week.

Security experts at NordVPN have uncovered over 120,000 malicious websites impersonating Amazon in the past two months. This massive network includes 92,000 phishing sites designed to steal login credentials, 21,000 malware distribution sites, and 11,000 fake goods sites.

These attacks range from fake calls and phishing emails to malicious links and spoofed websites, all designed to trick shoppers into revealing sensitive account information or making fraudulent payments.

Phishing emails: Messages crafted to create urgency with subject lines like “Refund Due – Amazon System Error” or “Account Issues”. These emails feature spoofed sender addresses that appear to come from Amazon, tricking recipients into clicking malicious links. The attack featured an email with the subject line “Refund Due – Amazon System Error” where the sender’s address was spoofed to appear as if it came from Amazon. The email directed recipients to “update their address” via a link that led to a fraudulent Amazon login page designed to harvest credentials.

Amazon representatives emphasize that the company will never call customers about suspicious account activity or request sensitive information over the phone. The cybersecurity community’s recommendation is simple: plan your purchases in advance, go directly to Amazon’s official website or app, and never click links in emails claiming to be from Amazon.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 07 Jul 2025 11:35:12 +0000