Amazon’s Prime Day sale is officially here, but shoppers looking for great deals need to be careful that they don’t get scammed in the process. 

Amazon is warning consumers to be on the lookout for cybercriminals attempting to use the massive online event, which runs Tuesday through Friday, as an opportunity to con them out of their money and personal information.

According to Amazon, reports of email impersonation scams, where cybercriminals tried to pass themselves off as Amazon or another related company, jumped 50% during Prime Day in 2024, compared with the weeks before the sale. 

Meanwhile, researchers for the cybersecurity company Check Point say that during the month of June, they spotted more than 1,000 new websites with domain names similar to Amazon. About 87% of those were flagged as malicious or suspicious, meaning they could be trying to impersonate Amazon in attempts to steal shopper account credentials or payment information.

While cybercriminals have long tried to take advantage of Prime Day shoppers, the big spike in potentially scammy websites ahead of this year’s event marks a shift in their game plan, says Dave Meister, cybersecurity evangelist for Check Point.

“That’s been really interesting to see,” Meister said. “The malicious actors aren’t just being opportunistic here, they’re preparing for what they know is coming.” 

Watch this: How to Hack Amazon Prime Day: Shopping and Deals Advice

04:03

AI gives old scams new power

The carrots cybercriminals use in their scam emails, texts, and social media posts have remained largely the same in recent years. 

According to Amazon, they often tell a target that there was a problem with their account or an order, or ask for alternate payment information, falsely claiming that their payment didn’t go through. Regardless of their specific pitch, the objective of the scams is to steal payment card information or Amazon account usernames and passwords. 

What has changed is the sophistication and scale of those scam messages, partially due to artificial intelligence tools. Just a few years ago, Check Point researchers would spot just a few hundred scam websites tied to Prime Day, a far cry from this year’s more than 1,000, Meister said. It also wasn’t that long ago that phishing emails were generic and riddled with grammatical errors, making them easy to spot. 

But AI-powered tools now let cybercriminals quickly create fake websites that convincingly impersonate companies like Amazon, he said. They also allow for the creation of countless phishing messages written in perfect English that target specific people, harvesting personal details about them from sources like social media to make them appear legitimate. 

“The tactics haven’t necessarily changed, AI has just lowered the barrier for anybody to step in,” he said. 

Why Amazon and Prime Day?

Security experts say Amazon’s widespread popularity makes it a top choice for scammers. If a consumer gets an email that looks like it’s coming from a bank they don’t have an account with, they’re probably going to delete it right away. But just about everybody has an Amazon account, making scam emails featuring Amazon significantly more convincing.

Outside of the holiday shopping season, Amazon’s Prime Day events are some of its biggest sales days of the year, and cybercriminals will be looking to capitalize on that. That means shoppers will need to be especially on guard as they look for deals. 

And many Prime Day offers feature big price cuts and disappear fast, making it more likely that shoppers will click before they think. But slowing down is exactly what they need to do.

“I think the most important thing is to be skeptical right out of the gate,” Meister said.

Tips for safe Prime Day shopping 

Here are a handful of tips from Amazon and Check Point for how to stay safe while shopping for Prime Day deals.

Double-check domain names. If a site’s address doesn’t start with “Amazon.com,” it could be a fake. The same goes for other online retailers. Look for misspellings, additional punctuation and anything else that might seem a little off in the address.

For Amazon purchases, stick to the company’s website, app and stores. Amazon will never ask for payment over the phone, by text or by email. It also won’t ask you to make them by bank transfer or through a third-party site.

Go straight to retailer websites. You’re better off typing in the URL directly than clicking on a link that might be shady. If a message says you ordered something that you think you didn’t, skip the link and just check “My Orders” in your Amazon account to see if that’s true.

Use a good password and 2FA. Hard-to-crack passwords are a must for all retail sites. That means they need to be long, unique and random. Don’t be tempted to recycle even a great password if you’ve used it for another account. And whenever possible, enable two-factor authentication. Adding this extra form of authentication could save your bacon if your password does end up compromised.

Treat urgency with suspicion. Yes, a lot of Prime Day deals are limited-time, but any offer that says you need to buy right away needs a closer look. Cybercriminals are banking on you clicking before you think.

Look for the lock. By now, any legitimate retail site uses SSL encryption, which is signified by a lock symbol at the start of the URL. If it’s missing, shop elsewhere.

Report scam messages. Most email programs have buttons that let you report spam or phishing. Forward scam text messages to 7726 (SPAM). Prime Day scams should be reported to Amazon through their app or website.

If it’s too good to be true… Yes, we’ve heard this so many times it’s officially a cliche, but any mind-blowingly amazing deal should be treated like a scam, because it probably is. If you can’t verify it on the company’s site, steer clear.