- More than 120,000 fake Amazon websites appeared before Prime Day sales
- Unauthorized Payment Scams Increased to 38%, Showing Hackers’ Changing Focus
- Shopper enthusiasm for Prime Day is the perfect tool for scammers
Cybersecurity researchers have revealed that cybercriminals once again took advantage of a massive shopping event to spread scams.
NordVPN found that more than 120,000 malicious websites were created in the months leading up to the July 2025 sale, and this trend continued leading up to the October sale as attackers attempted to take advantage of the rush.
Amazon Prime Day deals have long been a magnet for online shoppers, but data suggests they have also become a magnet for scammers.
A changing target among cybercriminals
NordVPN reports that hackers are increasingly creating fake websites designed to look like legitimate Amazon pages.
These pages often trick users into sharing payment information or downloading harmful files.
Amazon’s own data shows that cybercriminals’ tactics are changing. Instead of trying to gain access to customers’ accounts, many are now targeting direct financial theft.
The number of cases related to unauthorized payments increased from 28% in April to 38%, marking the highest reported target among attackers.
NordVPN analysis also found that during Amazon’s Big Spring 2025 Sale earlier this year, the number of malware websites increased by 1,661%.
Similarly, phishing and scam sites increased by 1,294% and 8,325% respectively.
Many of these sites imitate the layout and URL structure of official Amazon pages, tricking users into entering sensitive data or downloading harmful software.
The company detected 92,000 phishing websites disguised as Amazon domains and nearly 21,000 attempting to distribute malicious files.
Malware removal tools can help in such situations, but the most effective defense is still prevention.
“Big shopping events like Prime Day create perfect storms for cybercriminals. Scammers know that shoppers’ excitement and urgency around limited-time offers make them more susceptible to clicking on malicious links or sharing personal information,” says Marijus Briedis, Chief Technology Officer (CTO) at NordVPN.
Experts advise buyers to always use the official Amazon website instead of following links in promotional emails or third-party posts.
Customers should also look for the “secure” prefix and the lock symbol in the browser bar before entering any personal information.
Suspicious messages filled with grammatical errors or warnings about account closures should be treated with skepticism.
Amazon does not request sensitive information such as passwords or Social Security numbers via email.
Using a reliable password manager can also reduce exposure by generating unique and complex passwords for each site, minimizing risk if an account is compromised.
Although Amazon Prime Day in October 2025 is now over, online shoppers are urged to be cautious and remember that deals promising unrealistic discounts are often bait for scams.
“Cybersecurity fundamentals can sometimes be forgotten during major online shopping events,” says Briedis.
“Shoppers should never click on links in unsolicited emails, even if they appear to come from Amazon.”
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
