Update, July 18, 2025: This story, originally published on July 17, has been updated with additional information from Amazon regarding the Prime account attacks that it has emailed 220 million users to warn them about.
I know better than most that Amazon Prime subscribers are under attack: I have been on the sharp end of multiple phone calls and email-based threats in the last four weeks alone. I have the advantage of being a cybersecurity insider, and so you would expect me to be aware of such threats and deal with them accordingly. Not everyone is so well informed, however, which is why Amazon has warned all 220 million Prime customers as attackers strike. Here’s what you need to know and do.
Amazon Warns Hundreds Of Millions Of Customers As Attackers Strike
Pieter Arntz, a malware intelligence researcher at Malwarebytes, has issued a timely July 16 reminder that “scammers are impersonating Amazon in a Prime membership scam.” I say timely, quite besides regular reminders of such attack threats being most welcome, because I have experienced not one, but two of these this week. Both were telephone calls, which I only answered as I was expecting to hear from the hospital and was in bed, ill at the time. The cause of Arntz’s reminder, and the underlying Amazon warning to all 220 million Prime customers, however, was a spike in email attacks claiming that subscription rates are about to rise, along with a cancel subscription button that would lead to Prime account credential theft. The phone calls I took, by the way, were similar in outcome but differed in that they wanted me to believe someone had purchased an iPhone 13, of all things, using my account.
The warning emails from Amazon, which I received on July 4 and wrote about at Forbes on the very same day, started with a stark alert that Amazon has become aware of “an increase in customers reporting fake emails about Amazon Prime membership subscription.” These emails are particularly dangerous because, as Amazon said, they “might include personal information in the emails, obtained from other sources, in an attempt to appear legitimate.” This came on top of earlier warnings from security researchers that more than 120,000 fake Amazon domains and web pages had been set up in the weeks and months before Prime Day, one assumes to be used to help in such attacks.
What Are Amazon Prime Account Impersonation Attacks?
Amazon describes an impersonation scam, the type of attack it is warning Prime users about, as one in which an attacker “pretends to be a trustworthy organization or person in order to steal your money or personal information,” and which can be perpetrated by “phone, email, text, or even by messaging you on social media.” The common denominator is that the threat actor seeks to induce the victim to make a payment or provide Amazon credentials, the latter leading to a Prime account takeover and all that entails. Amazon readily admits that such attacks are difficult to identify, hence the need for the warning email; however, it recommends that users be alert to certain red flags that can indicate this kind of attack methodology.
- Attackers will often create a false sense of urgency and leverage this to entice a knee-jerk reaction, such as clicking a link or providing account information.
- Attackers will often ask for personal information, as well as the aforementioned account credentials, that a genuine caller or member of Amazon support staff would not request. These may include, but are not limited to, payment and banking information.
- Attackers may, as I mentioned earlier, suggest that you have made a high-ticket item order so as to leverage the urgency and require you to follow a link to cancel it.
- Attackers may attempt to get you to make payments outside of legitimate Amazon channels, including third-party sites and wire transfers, or even by way of gift cards.
How To Mitigate Prime Attacks, According To Amazon
The attack warning email from Amazon included a number of mitigation recommendations, including:
- To verify your Prime membership, open your Amazon mobile app or go directly to Amazon.co.uk and select “Prime” from the main menu.
- Always access Amazon directly through the mobile app or by typing amazon.co.uk in your browser.
- To determine if a message is really from Amazon, visit the Message Center under “Your Account.”
- Enable two-step verification for your Amazon account through the Login & Security settings.
You can find further advice from Amazon online regarding how it protects customers from scams, along with the best ways to report an attack.
Amazon has also partnered with the Better Business Bureau to give customers a database of scams that can be searched by attack type, email, URL, brand, phone number and so on. You can also use the BBB Scam Tracker tool to report scam attacks.