Amazon Warns 220 Million Customers Of Prime Account Attacks

Posted by Davey Winder, Senior Contributor


Update, July 19, 2025: This story, originally published on July 17, has been updated with additional information from Amazon regarding account attack trends following a warning emailed to 220 million Prime account holders about an increase in Amazon impersonation scams.

I know better than most that Amazon Prime subscribers are under attack: I have been on the sharp end of multiple phone calls and email-based threats in the last four weeks alone. I have the advantage of being a cybersecurity insider, and so you would expect me to be aware of such threats and deal with them accordingly. Not everyone is so well informed, however, which is why Amazon has warned all 220 million Prime customers as attackers strike. Here’s what you need to know and do.


Amazon Warns Hundreds Of Millions Of Customers As Attackers Strike

Pieter Arntz, a malware intelligence researcher at Malwarebytes, has issued a timely July 16 reminder that “scammers are impersonating Amazon in a Prime membership scam.” I say timely, quite besides regular reminders of such attack threats being most welcome, because I have experienced not one, but two of these this week. Both were telephone calls, which I only answered as I was expecting to hear from the hospital and was in bed, ill at the time. The cause of Arntz’s reminder, and the underlying Amazon warning to all 220 million Prime customers, however, was a spike in email attacks claiming that subscription rates are about to rise, along with a cancel subscription button that would lead to Prime account credential theft. The phone calls I took, by the way, were similar in outcome but differed in that they wanted me to believe someone had purchased an iPhone 13, of all things, using my account.

The warning emails from Amazon, which I received on July 4 and wrote about at Forbes on the very same day, started with a stark alert that Amazon has become aware of “an increase in customers reporting fake emails about Amazon Prime membership subscription.” These emails are particularly dangerous because, as Amazon said, they “might include personal information in the emails, obtained from other sources, in an attempt to appear legitimate.” This came on top of earlier warnings from security researchers that more than 120,000 fake Amazon domains and web pages had been set up in the weeks and months before Prime Day, one assumes to be used to help in such attacks.


What Are Amazon Prime Account Impersonation Attacks?

Amazon has described an impersonation scam, the type of attack that it is warning Prime users about, as being when an attacker “pretends to be a trustworthy organization or person in order to steal your money or personal information,” and one that can be perpetrated by “phone, email, text, or even by messaging you on social media.” The common denominator is that the threat actor seeks to induce the victim to make a payment or provide Amazon credentials, the latter leading to a Prime account takeover and all that entails. Amazon readily admits that such attacks are difficult to identify, hence the need for the warning email; however, it recommends that users be alert to certain red flags that can indicate this kind of attack methodology.

  • Attackers will often create a false sense of urgency and leverage this to entice a knee-jerk reaction, such as clicking a link or providing account information.
  • Attackers will oftentimes ask for personal information, as well as the aforementioned account credentials, that a genuine caller or member of Amazon support staff would not. These may include, but are not limited to, payment and banking information.
  • Attackers may, as I mentioned earlier, suggest that you have made a high-ticket item order so as to leverage the urgency and require you to follow a link to cancel it.
  • Attackers may attempt to get you to make payments outside of legitimate Amazon channels, including third-party sites and wire transfers, or even by way of gift cards.
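
An added example, not from the original article or from Amazon: a Python triage function that extracts the links from an email body, flags any whose hostname is not under an Amazon domain (catching lookalikes that merely start with "amazon.co.uk"), and checks the text for the red flags listed above. The allow-list, the phrase patterns and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: only the two Amazon hostnames named in the article; extend for real use.
AMAZON_DOMAINS = {"amazon.co.uk", "amazon.jobs"}

# Constructed phrases standing in for the red flags in the list above.
RED_FLAGS = {
    "urgency": r"\b(within 24 hours|immediately|will be suspended|act now)\b",
    "credentials_or_payment": r"\b(password|card number|bank details)\b",
    "off_platform_payment": r"\b(gift cards?|wire transfer)\b",
}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def is_amazon_host(host):
    # Match the domain itself or a true subdomain, never a mere prefix or suffix.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in AMAZON_DOMAINS)

def triage(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    off_site = [u for u in parser.links if not is_amazon_host(urlsplit(u).hostname)]
    text = re.sub(r"<[^>]+>", " ", html_body).lower()
    flags = sorted(n for n, pat in RED_FLAGS.items() if re.search(pat, text))
    return {"off_site_links": off_site, "red_flags": flags}

# Constructed sample message; the .example host is a reserved placeholder.
SAMPLE = """
<p>Your Prime membership fee is increasing. Your account will be suspended
unless you act now.</p>
<a href="https://amazon.co.uk.prime-billing.example/cancel">Cancel subscription</a>
<a href="https://www.amazon.co.uk/">Amazon</a>
<p>Confirm your card number or pay with gift cards.</p>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```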


Amazon Warns Of 5 Common Attack Trends

Amazon has also compiled a list of the five most common scam attack trends that it sees impacting customers, although, as attackers are continually evolving their methods, it stressed that this cannot be a comprehensive list of tactics and techniques, but rather is a basis for understanding how scammers might strike.

  1. Let’s start with Prime membership scams, where an attacker might claim that there is an issue with your subscription, or that an additional fee is owed. “Scammers try to convince you to provide payment or bank account information to reinstate a membership,” Amazon warned, adding that it will never ask for such details over the telephone or by email. Amazon advises users to visit the Message Center on the Amazon website or mobile app to review authentic emails from Amazon.
  2. Next up are the account suspension or deletion warning scams that claim your Amazon account is to be, erm, suspended or deleted, unless a specified action is taken within a short timeframe. “Actions may include selecting a fraudulent link or providing information like payment details or login credentials to verify your account,” Amazon warned. Once again, Amazon will not ask for your credentials, or any sensitive personal information, over the telephone, by email or through any website external to Amazon itself. “If you have questions about your account status,” Amazon advised, “visit the Amazon website or mobile app to view your account details,” where legitimate and authentic Amazon emails can be found logged within the Message Center.
  3. Order confirmation scams follow a fairly predictable pattern, if you’ve been paying attention so far, in that they will involve another unexpected communication supposedly from Amazon, but this time referring to an unauthorised purchase of some kind. This is the type of attack I have been subjected to multiple times, and referred to at the start of this article, where my account credentials were requested to confirm or deny the alleged transaction. The scammers might also ask for payment details, suggest purchasing gift cards to cover the transaction, or advise you to install software so they can verify the information. “Verify your orders by logging into your Amazon account,” Amazon said, “only legitimate purchases will appear in your order history, and you can also contact customer service for support.”
  4. I mentioned a proliferation of fake Amazon websites earlier, and these are used in trend number four: the tech support scam. “Customers who land on these pages,” Amazon warned, “are lured to contact the scammer and fall prey to their schemes.” As such, using a search engine to find Amazon customer support is not recommended. Instead, Amazon advised that you go “directly to the help section of our website when seeking help with Amazon devices or services.”
  5. And finally, beware of the recruitment scams. Amazon is a massive company, and people are keen to find work there. Unsurprisingly, then, scammers are also keen to exploit this by way of fictitious job opportunities through unofficial channels, websites, emails, and text messages. “They usually request that you provide personal information and payments to apply for jobs that don’t exist,” Amazon said. All official Amazon job postings can be found at Amazon.jobs.


How To Mitigate Prime Attacks, According To Amazon

The attack warning email from Amazon included a number of mitigation recommendations, including:

  1. To verify your Prime membership, open your Amazon mobile app or go directly to Amazon.co.uk and select “Prime” from the main menu.
  2. Always access Amazon directly through the mobile app or by typing amazon.co.uk in your browser.
  3. To determine if a message is really from Amazon, visit the Message Center under “Your Account.”
  4. Enable two-step verification for your Amazon account through the Login & Security settings.

You can find further advice from Amazon online regarding how it protects customers from scams, along with the best ways to report an attack.

Amazon has also partnered with the Better Business Bureau to give customers access to a database of scams that can be searched by attack type, email, URL, brand, phone number and so on. You can also use the BBB Scam Tracker tool to report scam attacks.
