Why You Can Trust CNET
Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Reviews ethics statement
Amazon's October Prime Day sale is almost here, but shoppers on the hunt for great deals need to be careful that they don't get scammed in the process. Cybercriminals will be looking to use the massive online event as an opportunity to con unwitting shoppers out of their money and personal information.
Ahead of the event, which starts Tuesday, researchers for the cybersecurity firm Check Point say they've spotted 1,000 new Amazon-related domains over the past 30 days and about 88% of those appear to be potentially malicious or scammy.
While Check Point says many of the sites appear to be "parked," meaning that they're not currently being used for a website or email hosting service, they could be used as part of a phishing scheme.
Some of the fake sites are designed to look just like Amazon. Unwitting shoppers reach them when they click on links in phishing emails, SMS messages or ads posted on social media.
An example of a scam email spotted by Check Point.
Check PointThat's not exactly shocking. Amazon says scam activity traditionally spikes during the days surrounding Prime Day events.
Oftentimes, consumers will receive messages saying that there's a problem with their Amazon account that needs to be fixed right away or they'll risk missing out on those limited-time offers. Other messages might claim that there's a problem shipping an item or are designed to look like an order confirmation for a very expensive item that the customer didn't buy.
Regardless of their specific pitch, the objective of the scams is to steal payment card information or Amazon account usernames and passwords. And that could prove disastrous for shoppers who might not think before they click.
An example of a spoofed Amazon website designed to scam consumers.
Check PointWhy Amazon and Prime Day?
Amazon-related scams aren't relegated to just Prime Day and aren't a new thing. According to the Federal Trade Commission, Amazon was the second-most impersonated company in 2023. Scammers pretending to be Amazon accounted for 34,000 complaints and $19 million in losses reported to the commission.
And it's not just Amazon. Scammers also try to pass themselves off as tech support for companies like Microsoft, retailers like Best Buy, shipping companies such as UPS and officials from government agencies like the IRS.
Security experts say it's Amazon's widespread popularity makes it a top choice for scammers. If a consumer gets an email that looks like it's coming from a bank they don't have an account with, they're probably going to delete it right away. But just about everybody has an Amazon account, making scam emails featuring Amazon significantly more convincing.
Outside of the holiday shopping season, Amazon's Prime Day events are some of its biggest sales days of the year and cybercriminals will be looking to capitalize on that. That means shoppers are going to need to be especially on guard as they look for deals.
And many Prime Day offers feature big price cuts and disappear fast, making it more likely that shoppers will click before they think. But that's exactly what they need to do.
Tips for safe Prime Day shopping
Here are a handful of tips from Amazon and Check Point for how to stay safe while shopping for Prime Day deals.
Double-check domain names. If a site's address doesn't start with "Amazon.com," it could be a fake. The same goes for other online retailers. Look for misspellings, additional punctuation and anything else that might seem a little off in the address.
For Amazon purchases, stick to the company's website, app and stores. Amazon will never ask for payment over the phone, by text or by email. It also won't ask you to make them by bank transfer or through a third-party site.
Go straight to retailer websites. You're better off typing in the URL directly than clicking on a link that might be shady. If a message says you ordered something that you think you didn't, skip the link and just check "My Orders" in your Amazon account to see if that's true.
Use a good password and 2FA. Hard-to-crack passwords are musts for all retail sites. That means they need to be long, unique and random. Don't be tempted to recycle even a great password if you've used it for another account. And whenever possible, enable two-factor authentication. Adding this extra form of authentication could save your bacon if your password does end up compromised.
Treat urgency with suspicion. Yes, a lot of Prime Day deals are limited-time, but any offer that says you need to buy right away needs a closer look. Cybercriminals are banking on you clicking before you think.
Look for the lock. Any legitimate retail site uses SSL encryption by now. It's signified by a lock symbol at the start of the URL. If it's missing, shop elsewhere.
Use a credit card. If fraudulent charges show up, you won't be on the hook for the cost.
Report scam messages. Most email programs have buttons that let you report spam or phishing. Scam text messages can be reported by forwarding them to 7726 (SPAM). Prime Day scams should be reported to Amazon through their app or website.
If it's too good to be true… Yes, we've heard this so many times it's officially a cliche, but any mind-blowingly amazing deal should be treated like a scam, because it probably is. If you can't verify it on the company's site, steer clear.