Over 200 million Amazon Prime customers warned about scammers trying to steal their accounts — how to stay safe

Amazon on phone next to Prime box — (Image credit: Shutterstock)

Prime Day may be over but you’re going to want to pay close attention to any emails claiming to come from Amazon as there has been a surge in scammers impersonating the company in recent weeks.

According to a new blog post from Malwarebytes, the company sent out an alert to its 200 million customers warning them of an ongoing Prime membership scam. The timing of these phishing attacks makes a lot of sense too as customers would likely be concerned about losing access to their memberships ahead of one of the biggest sales events of the year.

Here’s everything you need to know about this new online scam along with some tips and tricks on how you can keep your Amazon Prime and other accounts safe from scammers.

Phishing for logins

A fishing hook resting on a laptop keyboard. — (Image credit: wk1003mike/Shutterstock)

These fake emails impersonating Amazon use the company’s logo and style to appear more convincing. However, the scammers behind this campaign have also gone the extra mile by including personal information obtained from other sources to make them appear even more legitimate.

Given that most people don’t want to pay more for the same subscription without any clear benefits, potential victims that receive one of these fake emails may be inclined to cancel their Amazon Prime membership. Well, the scammers have thought of that too which is why they include a “cancel subscription” button at the bottom of their messages.

As you may have guessed, clicking on this button doesn’t take you to Amazon’s official site. Instead, it takes you to a fake Amazon login screen where you’re prompted to enter your credentials. Doing so leaves the scammers behind this campaign with your username and password which they’ll then use for all manner of malicious activities as well as committing fraud by buying things from Amazon.

Another real danger comes from password reuse though. If you’ve used the same password for your Amazon account with any of your other online accounts, the scammers will try to login and take over them as well.

To make matters worse, that fake Amazon landing page may also request payment information and other personal info. If you enter any of it here, just like with your Amazon password, it will end up in the hands of scammers to be used in other attacks.

How to stay safe from scammers

Woman using smartphone and laptop — (Image credit: Shutterstock)

Given the sheer amount of spam and phishing emails that are sent out each day, you always need to be extra careful when checking your inbox as one wrong click or reply could have serious consequences.

When looking at a suspicious email, there are few things you should check first. For starters, you always want to look at the sender’s email address. If the email address doesn’t look like one of these below, then you can be fairly certain you’re dealing with a scammer:

account-update@amazon.com
address-verification@amazon.com
cis@amazon.com
suspect-abuse@amazon.com
cs-escalations@amazon.com
ecr-replies@amazon.com
cs-reply@amazon.com
chargeback-billing-reply@amazon.com
payments-investigate@amazon.com
merchant-disbursement-inquiry@amazon.com
payments-mail@amazon.com
merchant-balance@amazon.com
disbursement-appeals@amazon.com

As for changes to your Prime account and auto-renewal notices, Amazon doesn’t typically send these types of messages via email. Instead, they’ll appear on the company’s website or in its app.

Some other things to look out for in scam emails are a sense of urgency and the inclusion of personal details like in the scam described above. Hackers and scammers will often use urgent language to get you to act quickly and by including other personal details, they can make their fake emails more believable.

In order to keep your Amazon account safe from scammers and other cybercriminals, you want to make sure that you’re using a strong and complex password. If you have trouble coming up with one on your own or just want a place to securely store all of your passwords, then you should look into the best password managers. Keep in mind though, all of your online accounts should have their own unique password too.

If you come across a suspicious email, you absolutely want to avoid clicking on any links it may contain or downloading any attachments since fake emails can take you to malicious sites spreading malware. For this reason, you want to ensure that you’re using the best antivirus software on your Windows PC or the best Mac antivirus software on your Apple computer.

As one of the biggest online retailers in the world, Amazon is one of the most impersonated companies out there. However, by keeping a level head and carefully scrutinizing any emails claiming to come from the company, you can avoid falling victim to this and other online scams.

Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.

More from Tom's Guide

TOPICS

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.