Amazon has issued a stark warning to its 220 million Prime subscribers globally following a massive surge in email and phone-based subscription scams. The tech giant, along with cybersecurity experts, has raised concerns over increasingly sophisticated attacks aiming to trick users into giving away their personal data and account credentials.
Rise in Fraudulent Emails and Calls
Security researcher Pieter Arntz of Malwarebytes highlighted the scam in a detailed alert on July 16, confirming an alarming rise in phishing attempts disguised as Amazon communications. The fake emails claim that a subscriber’s Prime membership is about to be renewed or upgraded at a higher rate, prompting users to click a fake “cancel subscription” button. This link leads unsuspecting victims to phishing sites designed to harvest their Amazon login information.
Even more worrying are the phone scams, where fraudsters impersonate Amazon representatives and allege unauthorised purchases, such as an iPhone 13, made from the user’s account. These calls aim to scare users into revealing sensitive financial details or remote-accessing their devices.
The attacks come amidst reports that over 120,000 fake Amazon-related websites and domains were created ahead of Amazon’s Prime Day in July, suggesting organised cybercrime activity seeking to exploit high online traffic.
Amazon’s Official Advisory to Users
In an official email sent on July 4, Amazon acknowledged a surge in reports from customers receiving fake Prime-related messages. The company warned that these emails often contain personal information gathered from other sources, making them appear genuine.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
To counter the threat, Amazon recommends several immediate actions:
Always verify Prime membership through the Amazon mobile app or official website.
Avoid clicking links in emails or messages claiming to be from Amazon.
Use the Message Centre in “Your Account” to confirm the legitimacy of communications.
Enable two-step verification for additional account protection.
Cybersecurity professionals emphasise that these scams are especially dangerous for elderly users or those less tech-savvy, who may trust emails or calls without verifying their source.
The ongoing wave of impersonation fraud highlights the need for continuous vigilance, particularly as digital services become deeply integrated into everyday life.