Amazon Prime Day 2021: Tips to help you avoid getting scammed

Cybersecurity
(Image credit: Shutterstock / song_about_summer)

Amazon Prime Day 2021 is upon us and many people will be laser-focused on identifying the best possible deals. But it’s not just consumers that will be out in force.

As with any major event, Amazon Prime Day provides fertile ground for cybercriminals hoping to scam people out of their personal information and hard-earned cash. Analysis from multiple security companies suggests the threat level could be particularly high this year.

According to Check Point Software, upwards of 2,300 new Amazon-related domains have been registered in the last 30 days, representing a 10% increase on the previous Amazon Prime Day. The majority (80%) of these websites are classified as potentially dangerous, while 46% were found to host malware or phishing mechanisms.

There are a number of strategies scammers can use to attract punters to these dangerous addresses. For example, they could pose as a member of the Amazon customer service team, or send out an email promoting a time- or stock-limited flash deal. Criminals have also been known to insert themselves further down the e-commerce chain, masquerading as payment providers and delivery companies.

Amazon Prime Day: Advice from security experts

Although consumers will likely be subjected to a barrage of phishing attacks on Amazon Prime Day, there is plenty that can be done to avoid falling victim to scammers. And the responsibility doesn’t just fall on shoppers; retailers have a responsibility to protect customers too.

Here’s what the security experts have to say:

Dan DeMichele, VP Product at LastPass by LogMeIn
“As everyone begins tracking down the best deals, threat actors are making plans to exploit any slip-ups in our online behaviour. Security risks linger even after making the initial purchase, for example in phishing emails disguised as post-purchase correspondence, from receipts and tracking numbers to requests for feedback. To stay safe against cybercriminals, consumers should be on the look-out for suspicious behaviour – double checking URLs and making sure the padlock symbol on your browser is present are good places to start.”

Tom Kendrick, EMEA Security Evangelist at Check Point
“I strongly urge Prime Day shoppers this year to be extra cautious, to watch for misspellings, and to share only the bare minimum. I would triple check emails that appear to be from Amazon next week, including delivery notifications. If you’re unsure of the status of a delivery, go directly to the Amazon website.”

Jake Moore, Cybersecurity Specialist at ESET
“Scammers are attracted to special online events like moths to a flame. There is the potential that customers will see an sizable increase in calls, emails and texts attempting to entice people into parting with their cash.”

“It is important that people never part with their Amazon password and that their account is secured with two-factor authentication. If there is ever a warning there may be a problem with your account it is advised to go direct to the app installed on your phone rather than clicking on links in emails or text messages.”

Armorblox threat research team
“Many legitimate sales and offers during Prime Day leverage the ‘hyperbolic discounting’ effect by offering products on discounts that are almost too good to be true. Scammers exploit this same cognitive bias by sending email announcements that are actually too good to be true (i.e. they are scams).”

Todd Moore, VP Encryption Solutions at Thales
“While we all want the latest and greatest deals, shoppers need to be vigilant about the purchases they make online. Customers may be savvy when it comes to threats like phishing and fraudulent landing pages, but many don’t know that their personal information is still at risk from the threat of cyberattacks long after a package arrives on their doorstep.”

“Consumers do have a duty to ensure they are using strong passwords and multi-factor authentication to protect their details, but the brunt of responsibility falls on retailers to implement end-to-end encryption of sensitive payment data."

Simple tips to stay protected on Amazon Prime Day

The following tips, provided by a collection of security companies, can help you shield your devices and personal data on Amazon Prime Day.

  • Stay alert to misspellings of “Amazon” in web addresses, as well as any websites that use different top-level domains (e.g. .co instead of .com)
  • Check emails for grammar and spelling mistakes that might betray a scam
  • Avoid entering payment details into websites not protected by SSL encryption (look for the “https://” suffix and lock icon in the URL bar)
  • Beware of deals that are too good to be true. There will be plenty of amazing deals on Amazon Prime Day, but you’re never going to get a new MacBook for $200
  • Avoid sharing personal details over the phone with customer support or billing representatives
  • Use credit cards instead of debit card, which will make it easier to recover funds if disaster does strike
  • Always use a VPN service when shopping over public Wi-Fi networks, which are inherently insecure
  • Deploy two-factor authentication to prevent unauthorized access to your accounts and a password manager to store your credentials
  • Make sure your operating system and web browser are fully updated, with all the latest security patches installed
TOPICS
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Read more
A man falling into a mobile phone screen.
Safer Internet Day: how to avoid online scams and stay safe online
Two characters exchange Christmas gifts in Christmas at the Golden Dragon
Christmas shopping scams – how to stay safe
A light pink gift box with blush pink bow, red hearts and confetti on a pastel pink background.
How to spot Valentine’s Day scams - stay safe on this most special day with our security tips
Google Pixel Scam Detection warning
Common internet scams and how to avoid them
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
An illustration of a hooded hacker with an obscured face holding a large fingerprint against a red background.
ID theft – what happens when someone steals your identity
Latest in Security
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
Latest in News
iOS 18 Control Center
iOS 19: the 3 biggest rumors so far, and what I want to see
Doom: The Dark Ages
Doom: The Dark Ages' director confirms DLC is in the works and says the game won't end the way 2016's Doom begins: 'If we took it all the way to that point, then that would mean that we couldn't tell any more medieval stories'
DVDs in a pile
Warner Bros is replacing some DVDs that ‘rot’ and become unwatchable – but there’s a big catch that undermines the value of physical media
A costumed Matt Murdock smiles at someone off-camera in Netflix's Daredevil TV show
Daredevil: Born Again is Disney+'s biggest series of 2025 so far, but another Marvel TV show has performed even better
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Nintendo Switch 2
A Nintendo Switch 2 FCC filing confirms Wi-Fi 6 and NFC support for the upcoming console