- More than 120,000 fake Amazon websites appeared ahead of Prime Day sales
- Scams related to unauthorized payments reached 38%, showing the shift in focus of hackers.
- Shoppers’ enthusiasm around Prime Day is the perfect tool for scammers
Cybersecurity researchers have revealed that cybercriminals have once again taken advantage of a massive business event to spread scams.
NordVPN found that more than 120,000 malicious websites were created in the months leading up to the July 2025 sale, and this trend continued ahead of the October sale as attackers sought to exploit the rush.
Amazon Prime Day deals have long attracted online shoppers, but data suggests they’ve also become a magnet for scammers.
A changing goal among cybercriminals
NordVPN reports that hackers are increasingly creating fake websites designed to look like legitimate Amazon pages.
These pages often trick users into sharing payment information or downloading harmful files.
Amazon’s own data shows that cybercriminals’ tactics are evolving. Instead of trying to gain access to customer accounts, many are now targeting direct financial theft.
The number of cases involving unauthorized payments increased from 28% in April to 38%, which is the highest target among attackers.
NordVPN’s analysis also found that during Amazon’s Great Spring 2025 Sale earlier this year, the number of malicious websites jumped by 1,661%.
Similarly, phishing and scam sites increased by 1,294% and 8,325%, respectively.
Many of these sites imitate the design and URL structure of official Amazon pages, tricking users into entering sensitive data or downloading harmful software.
The company detected 92,000 phishing websites masquerading as Amazon domains and nearly 21,000 attempting to distribute malicious files.
Malware removal tools can be helpful in such situations, but the most effective defense is prevention.
“Major shopping events like Prime Day create a perfect storm for cybercriminals. Fraudsters know that shoppers’ excitement and urgency over limited-time offers makes them more likely to click on malicious links or share personal information,” says Marijus Briedis, chief technology officer (CTO) at NordVPN.
Experts advise buyers to always use the official Amazon website rather than following links from promotional emails or third-party posts.
Customers should also look for the secure prefix ‘and the padlock symbol in the browser bar before entering personal information.
Suspicious messages containing grammatical errors or warnings about account closures should be treated with skepticism.
Amazon does not ask for sensitive information such as passwords or social security numbers via email.
Using a reliable password manager can also reduce exposure by generating unique and complex passwords for each site, minimizing risk if an account is compromised.
Even though Amazon Prime Day October 2025 is over, online shoppers are urged to remain cautious and remember that deals promising unrealistic discounts are often bait for scams.
“Cybersecurity fundamentals can sometimes be forgotten during large online shopping events,” says Briedis.
“Buyers should never click on links in unsolicited emails, even if they appear to be from Amazon.”
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.