Amazon Prime Day Warning: over 120,000 scam sites target bargain hunters

With Amazon Prime Day approaching on July 8, shoppers are being urged to exercise extreme caution when seeking out deals, as cybercriminals have launched over 120,000 malicious websites impersonating the e-commerce giant.

The extended four-day sales event, while a boon for consumers, presents an even larger window of opportunity for scammers to exploit the urgency and excitement surrounding limited-time offers.

Data from NordVPN’s Threat Protection Pro reveals a significant surge in fake Amazon domains over the past two months, designed for malware distribution, phishing attacks, and outright scams.

Phishing websites, which aim to steal login credentials and other personal information, account for the vast majority of these deceptive sites, with NordVPN detecting and blocking 92,000 such instances. Nearly 21,000 websites were identified attempting to install malicious files on users’ computers, while another 11,000 were designed to sell fake goods.

“Major shopping events like Prime Day create perfect storms for cybercriminals,” warns Marijus Briedis, Chief Technology Officer (CTO) at NordVPN. “Scammers know that shoppers’ excitement and urgency around limited-time deals make them more susceptible to clicking on malicious links or sharing personal information without proper verification.”

The tactics employed by scammers are also evolving. Amazon’s own data indicates a shift in objectives, with hackers increasingly attempting to trick customers into making unauthorized payments. This surge in malicious activity is not unprecedented; during Amazon’s Big Spring Sale in March 2025, NordVPN observed a staggering increase in cybercrime, with malware websites surging by 1,661%, phishing sites by 1,294%, and scam websites skyrocketing by 8,325% compared to the preceding week.

To stay safe, experts advise consumers to always shop directly through Amazon’s official website (amazon.com) and to verify that URLs display “https://” with a padlock icon before entering any personal information. Deals that appear “too good to be true” should be treated with extreme suspicion, as they often indicate counterfeit goods or outright fraud. Shoppers should never click on links in unsolicited emails, even if they appear to be from Amazon, and instead, navigate directly to the official website.

Furthermore, legitimate Amazon communications are professional and will never request sensitive information such as passwords or Social Security numbers via email or phone. When in doubt, customers should log into their Amazon account or contact customer support through official channels to verify any suspicious communications.

NordVPN