
Beware of Amazon Prime Day phishing scams that are spreading now!

Amazon Prime Day 2018 has come to a close, which means it is time for all of us to enjoy the fruits of our shopping labor. No matter what we bought, our items have arrived and now the fun really begins.

But as the dust settles and everyone moves on from one of the greatest shopping days (and a half) of the year, scammers are getting to work. That means phishing scams, of course.

Phishing emails are a popular tool for cybercriminals, who are extremely successful at finding new victims with these scams. Fraudulent messages that look official can be difficult for the untrained eye to recognize.

Watch out for an Amazon Prime Day phishing attack

What we’re talking about is an Amazon Prime Day phishing email scam that spreads like wildfire. There are some different versions of the scam, though they all have the same goal in mind.

It starts with an email. One version thanks the recipient for a Prime Day purchase and invites them to write up a quick review of the product. Another says the recipient will receive a $50 bonus or maybe a gift card for clicking on the link.

Here is what it might look like:

Image: Example of Amazon phishing scam received by Kim Komando.

As you can see, there is a link provided inside the email to review and print the reward.

Warning! If you get one like this, do NOT click on the provided link because it’s malicious.

The link will send you to a lookalike site, one that will appear to be from Amazon but instead will give any information you provide to the scammer.

The criminals behind the attack can change the malicious link’s payload at any time. The link currently takes you to a site that has the appearance of an Amazon page and asks for your login credentials.

It’s not an Amazon site, however, and anything you enter there goes to the scammer. The destination can be changed at any point, leading to malware infecting your computer or even ransomware that will encrypt the critical files on your gadget.

These types of attacks are on the rise. That’s why you need to know what to watch for and how to handle the situation when it arises.

Here are suggestions from Amazon on how to recognize a phishing attack:

  • Fake orders – If you receive an email claiming to be from Amazon confirming an order that you did not place, it’s a scam. Instead of clicking links within the email, type Amazon.com into your browser, sign in and go to the Your Orders page to verify your purchases. If you didn’t buy the item from the email, it’s a phishing scam.
  • Credential request – Amazon does not send emails requesting your username and/or password. If you receive an email like this, it’s a scam.
  • Update payment information – You should never click a link within an email asking you to update your payment information. Instead, go to your Amazon account and click Manage Payment Options in the Payment section. If you are not prompted to update your payment method on that screen, the email is not from Amazon.
  • Fraudulent links – If you receive an email with a link that supposedly goes to Amazon, hover over the link with your cursor. If it doesn’t say that it’s going to direct you to Amazon, it’s a phishing scam.
  • Attachments – Emails purportedly from Amazon that contain attachments or prompts to install software on your computer are scams.

If you receive an email from Amazon that you suspect is fraudulent, you need to report it. Click here to report the scam to Amazon.

How to protect against phishing attacks:

It’s important to remember Amazon will never send you an unsolicited email that requests your personal information, such as a Social Security number, bank account information or credit card information. They will also not look for answers to ID questions like a mother’s maiden name or your password.

Other things to keep in mind:

  • Be cautious with links – If you get an email or notification that you find suspicious, don’t click on its links. It could be a phishing attack. It’s always better to type a website’s address directly into a browser than clicking on a link.
  • Do NOT enable macros – You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
  • Watch for typos – Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
  • Use unique passwords – Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s simple for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
  • Set up two-factor authentication – Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
  • Check your online accounts – The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
  • Have strong security software – Having strong protection on your gadgets is very important. The best defense against digital threats is strong security software.
