- Over 120,000 fake Amazon websites appeared before Prime Day sales
- Unauthorized payment scams rose to 38%, showing hackers’ shifting focus
- Shoppers’ excitement around Prime Day is the perfect tool for scammers
Cybersecurity researchers have revealed cybercriminals once again took advantage of a massive shopping event to spread scams.
NordVPN found more than 120,000 malicious websites were created in the months leading up to the July 2025 sale, and this trend continued ahead of October’s sale, as attackers sought to exploit the rush.
Amazon Prime Day deals have long been a magnet for online shoppers, but the data suggests they have also become a magnet for scammers.
A changing objective among cybercriminals
NordVPN reports hackers are increasingly setting up fake websites designed to look like legitimate Amazon pages.
These pages often trick users into sharing payment information or downloading harmful files.
Amazon’s own data shows that the tactics of cybercriminals are shifting. Instead of trying to gain access to customer accounts, many are now targeting direct financial theft.
The number of cases involving unauthorized payments rose from 28% in April to 38%, marking the highest reported goal among attackers.
NordVPN’s analysis also found that during Amazon’s 2025 Big Spring Sale earlier this year, the number of malware websites surged by 1,661%.
Similarly, phishing and scam sites increased by 1,294% and 8,325% respectively.
Many of these sites mimic the design and URL structure of official Amazon pages, tricking users into entering sensitive data or downloading harmful software.
The company detected 92,000 phishing websites masquerading as Amazon domains and nearly 21,000 that attempted to distribute malicious files.
Malware removal tools can help in such situations, but the most effective defense remains prevention.
“Major shopping events like Prime Day create perfect storms for cybercriminals. Scammers know that shoppers’ excitement and urgency around limited-time deals make them more susceptible to clicking on malicious links or sharing personal information,” says Marijus Briedis, chief technology officer (CTO) at NordVPN.
Experts advise shoppers to always use Amazon’s official website rather than following links from promotional emails or third-party posts.
Customers should also look for the secure “https://” prefix and the padlock symbol in the browser bar before entering any personal details.
Suspicious messages filled with grammatical errors or warnings about account closures should be treated with skepticism.
Amazon does not request sensitive information such as passwords or Social Security numbers through email.
Using a reliable password manager can also reduce exposure by generating unique, complex passwords for each site, minimizing the risk if one account is compromised.
Even though October 2025’s Amazon Prime Day is over, online shoppers are urged to stay cautious and remember that deals promising unrealistic discounts are often bait for scams.
“The fundamentals of cybersecurity can sometimes be forgotten during major online shopping events,” says Briedis.
“Shoppers should never click links in unsolicited emails, even if they appear to come from Amazon.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Add Comment