Amazon Prime Day, a highly anticipated time every year for great deals, returns from 23 to 26 June 2026. While on the one hand the online event is an excellent opportunity to get the “deal of the year” by taking advantage of one of the many offers on a vast selection of products, Prime Day is also a good opportunity for scammers. They aim to exploit users’ trust in the brand, the strong propensity to purchase and the rush induced by limited offers to carry out their criminal plans. It is no coincidence that this time of year regularly sees a surge in phishing emails, fake “mirror” sites (faithful replicas of Amazon’s official website) and deceptive messages, all aimed at stealing personal data, passwords or credit card numbers.
The data collected by the experts of Check Point Research reveal that these attacks are not improvised at all, but planned months in advance. Between December 2025 and May 2026, as many as 6,843 new domains attributable to the Amazon name were recorded. Criminals use this head start to “age” fake sites, thus bypassing security systems that tend to block very recently created domains. Already in May 2026, approximately one in eleven of the new domains was classified by the Check Point Research experts as harmful or suspicious.
The pressure of cybercrime, however, does not only affect consumers, but extends to the entire commercial chain. Also in May 2026, companies in the financial services sector suffered an average of 1,939 attacks per week, an increase of 8% compared to the previous year, while the consumer goods and online shops sector reached an average of 1,809 attacks per week.
The two coordinated criminal operations identified by experts
The specialists of Check Point Research identified two major coordinated operations.
The first exploits the “multi-TLD” technique, that is, varying the final extension of an Internet address (such as .com or .it): scammers have registered six variations of sites – amazon-prime.help, amazon-prime.cam, amazon-prime.cc, amazon-prime.club, amazon-prime.app and amazon-prime.buzz – to «intercept Prime members regardless of the extension they type and keep phishing pages active even if individual domains are removed», to quote the explanation given by the security experts.
The second campaign, dubbed “amazoncredit”, targets the Spanish and Portuguese speaking markets through as many as 46 fake domains that promise fake discount coupons. To make the deception even more refined, it uses IDN technology, a system that allows accented characters to be inserted into web addresses and displayed in the browser. Check Point Research explained that in this way the scammers were able to ensure that “amazoncrédito is displayed with an accent in browsers, making the parody significantly more convincing for native speakers (Spanish, Ed.)”.
Genuine mirror copies of the original marketplaces proliferate on the Web. Sites like amazonashop.shop faithfully replicate Amazon’s orange graphics, menus and banners, confusing those who land there from social media ads or a simple typing error. amzn-good.click, a portal that promises fake vouchers linked to Prime Day, was created for the Italian market. Other scams instead reproduce individual product pages: amazon-express.click, for example, artificially creates urgency with messages like “first 1,000 users only,” while amazon-club.click goes so far as to copy the reviews and the “Amazon’s Choice” badge to make the purchasing experience seem as similar as possible to that of the official Amazon portal, and thus succeed in stealing credit card data at the time of payment. Added to all this are smishing campaigns that simulate fake delivery delays, and attempts to steal 2FA codes, i.e. the two-factor authentication codes that represent the second level of security for accessing a profile.

Amazon itself, on this support page, has listed the most common scams that are worth watching out for during the Prime Day period and, more generally, throughout the year. We summarize them in the following points.
- False order confirmation: messages that report a purchase that was never made, inviting you to click on a link to cancel it.
- Fake tech support: typically perpetrated through sites and messages that pretend to come from Amazon device support centers, with the aim of stealing personal data.
- Issues with Prime membership: emails and SMS requesting bank details to confirm registration. Since Prime Day includes offers that are only accessible with an active Prime membership, a communication of this type could push you to provide your card details without thinking twice, to avoid missing out on the opportunity to grab Prime Day discounts.
- Account suspension: communications that threaten the closure of the profile if the instructions provided by supposed Amazon operators are not followed; in reality these operators are scammers and have nothing to do with
How to protect yourself from Prime Day themed scams
To defend yourself from these and other scam attempts, it is essential to carefully check the site URL before proceeding with any purchase, remembering that there is one and only one official Amazon Italia site: amazon.it. If you receive messages containing links that take you to other sites, do not open them and do not provide any personal data. Access Prime Day deals exclusively from the official Amazon website or app.
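The URL check recommended above, applied to the multi-TLD and IDN tricks described earlier, as an added Python example (not code from Check Point Research or Amazon). The allowlist contains only amazon.it as stated in the article, the brand tokens are an assumption, and amazoncrédito.example is a constructed hostname because the article does not give the full IDN domain.

```python
import unicodedata

# Assumption: only amazon.it is trusted here, as the article states for Amazon Italia.
# Extend the set with any other official domains you rely on.
OFFICIAL = {"amazon.it"}
BRAND_TOKENS = ("amazon", "amzn")  # assumption: tokens seen in the article's examples


def to_unicode(host):
    """Normalise a hostname and decode xn-- (punycode) labels to Unicode."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: inspect it as given


def strip_accents(label):
    """Fold accented letters to their base form: 'amazoncrédito' -> 'amazoncredito'."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def classify(host):
    """Return 'official', 'idn-lookalike', 'brand-on-other-domain' or 'unrelated'."""
    name = to_unicode(host)
    # Official only if the name IS an allowlisted domain or a subdomain of one.
    if any(name == d or name.endswith("." + d) for d in OFFICIAL):
        return "official"
    folded = [strip_accents(label) for label in name.split(".")]
    if any(tok in label for label in folded for tok in BRAND_TOKENS):
        # Non-ASCII characters in a brand-bearing name indicate the IDN trick.
        if any(ord(c) > 127 for c in name):
            return "idn-lookalike"
        return "brand-on-other-domain"
    return "unrelated"


# Constructed sample: hostnames quoted in the article plus two constructed ones.
SAMPLE = [
    "www.amazon.it",
    "amazon-prime.help",
    "amzn-good.click",
    "amazon.it.login.example",                               # constructed
    "amazoncrédito.example".encode("idna").decode("ascii"),  # constructed, xn-- form
]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:40} {classify(h)}")
```

Matching on the end of the hostname rather than on a substring is what keeps a name such as amazon.it.login.example from passing as official.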
