Amazon Prime scam alert: Fake renewal messages target 220 million users

Scammers posing as Amazon officials are targeting Prime users with fake emails and calls to steal login credentials, bank details, and even social security numbers, New York Post reported.

The surge in attacks has sparked alerts from Amazon and cybersecurity watchdogs after thousands of malicious websites and phone numbers were taken down this year.

“In 2024 alone, Amazon removed over 55,000 phishing sites and 12,000 phone numbers linked to impersonation scams,” Amazon said in an email alert earlier this month. Most of the scams appear to involve fake messages about order confirmations or account issues — tricking users into sharing sensitive information.

According to Malwarebytes, some fraudulent emails warn users of unexpected charges or claim their Prime subscription is auto-renewing at a high price. These messages often include a “cancel subscription” link that leads to a fake Amazon login page. Users who enter their credentials on these pages risk handing over not just Amazon access, but potentially other linked accounts that use the same password.

“Scammers who attempt to impersonate Amazon put consumers at risk,” Dharmesh Mehta, Amazon’s vice president of Selling Partner Services, told the New York Post. “Although these scams take place outside our store, we continue to invest in consumer protection and education.”

Amazon have highlighted five common types of scam tactics:

Amazon reminds users it never requests payment info via calls or emails, and never asks for gift cards. It’s also rolling out tools like verified logo icons in Gmail and Yahoo inboxes to help users identify real emails.

As Forbes reported, text-based “refund scams” alone have surged over 50-fold in the past two weeks. The scale of attacks in the US and Europe is now “out of control.”