- More than 120,000 fake Amazon websites pop up ahead of Prime Day sale
- Unauthorized payment fraud cases rose to 38%, indicating a shift in hackers' focus
- The shopping rush around Prime Day is the perfect tool for scammers
Cybersecurity researchers have found that cybercriminals are once again taking advantage of mass shopping to spread scams.
NordVPN found that more than 120,000 malicious websites were created in the months leading up to the July 2025 sale, a trend that continued into the October sale as attackers sought to take advantage of the hype.
Amazon Prime Day Offers have long been a magnet for online shoppers, but data shows they have also become a magnet for scammers.
Changing targets among cybercriminals
NordVPN reports that hackers are increasingly creating fake websites that look like real Amazon pages.
These pages often trick users into sharing payment information or downloading malicious files.
Amazon's own data shows that cybercriminal tactics are changing. Instead of trying to gain access to customer accounts, many are now targeting outright financial theft.
The number of cases of unauthorized payments increased from 28% in April to 38%, which was the highest level among cybercriminals.
NordVPN's analysis also showed that during Amazon Big Spring Sale 2025 Earlier this year, the number of malicious websites increased by 1,661%.
Similarly, the number of phishing and scam sites increased by 1294% and 8325% respectively.
Many of these sites mimic the design and URL structure of official Amazon pages, tricking users into entering sensitive data or downloading malicious software.
The company found 92,000 phishing websites masquerading as Amazon domains and nearly 21,000 that attempted to distribute malicious files.
Removing malware Tools can help in such situations, but prevention remains the most effective defense.
“Large shopping events like Prime Day create the perfect storm for cybercriminals. Fraudsters know that shoppers' excitement and urgency around limited-time offers makes them more susceptible to clicking on malicious links or sharing personal information,” says Marijus Briedis, CTO (CTO) at NordVPN.
Experts advise shoppers to always use Amazon's official website rather than clicking on links from promotional emails or third-party publications.
Customers should also look for the secure “https://” prefix and padlock symbol in the browser bar before entering any personal information.
Suspicious messages filled with grammatical errors or warnings about account closures should be treated with skepticism.
Amazon does not ask for sensitive information such as passwords or social security numbers via email.
Using a reliable password manager can also reduce the risk of infection by creating unique, complex passwords for each site, minimizing the risk of a single account being hacked.
Even though Amazon Prime Day has now ended in October 2025, online shoppers are advised to remain cautious and remember that offers promising unrealistic discounts are often bait for scams.
“The basics of cybersecurity can sometimes be forgotten during large online trading events,” says Briedis.
“Shoppers should never click on links in unsolicited emails, even if they appear to come from Amazon.”
Follow TechRadar on Google News. And add us as your preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the “Subscribe” button!
And of course you can also Follow TechRadar on TikTok for news, reviews, unboxing videos and get regular updates from us on whatsapp too much.
