As Amazon has now confirmed that Prime Day 2025 will take place July 8 through July 11, you can expect to be on the end of such calls, text messages and emails yourself. An Amazon spokesperson told me that “as deals drop, consumers may also drop their guards, making them more susceptible to scams.” And Amazon has the numbers to make the hairs on your back stand up to support this: “In the weeks surrounding Prime Day in 2024,” the spokesperson said, “Amazon customers reported an 80% increase in all impersonation scams that claimed there was an issue with their account.”

Unsurprisingly, as in my case, the top threat tactics included claiming to be from Amazon support and warning that there was a problem with your order, account, or payment. “Impersonation scams via phone calls,” Amazon said, “more than doubled during Prime Day” last year.

Amazon Advice For Customers To Prevent Account Scam Attacks

Amazon has shared the following advice for shoppers, both before and during the Prime Day 2025 sales, on how to stay safe from brand impersonation hackers:

• Never share your Amazon credentials with any third-party tools, websites or, well, anyone. They don’t need to know. Only use tools and sites that support the secure Login With Amazon authentication process.
• Verify purchases directly on Amazon, do not respond to a message, click on a link or give account information over the phone.
• Never place an order by email with a seller. Amazon will only ever ask for payment in its app or on the website, and never by email or phone.
• Do not be fooled by scammers creating a sense of false urgency. Count to ten and apply the advice at the top of the list.
• Amazon will never ask you to purchase a gift card.
• Keep your operating system and the Amazon app updated to the latest version to ensure the best security protections are in place.
• Ensure your Amazon account is protected by two-step verification, also known as two-factor authentication or 2FA

Search Engine Poison Makes The Phishing Waters Even More Murky

One of the pieces of advice that many cybersecurity professionals will proffer is to trust nothing and verify everything. If someone calls you pretending to be from a vendor, supplier, or brand, then check that the number they are calling from is genuine, they advise. Tell the caller you will hang up and call them back, they say. To do this, you can Google the organisation and get the number, they recommend. They are wrong, and here’s just one reason, of many, why.

A new report from Malwarebytes has revealed how brand-impersonation scammers are poisoning search engines with fake listings. Nothing particularly new there, the cybercriminals have been doing this for years. The latest attacks, as evidenced by real-world fraud attempts that have been uncovered by Jérôme Segura, senior director of research at Malwarebytes, start with sponsored search results on Google.

These results take people to fake support sites, with Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal mentioned specifically in the report.

“In the cases we recently found,” report author, Pieter Arntz, said, “the visitor is taken to the legitimate site with a small difference.” That difference is that they land at the help or support section of what appears to be the genuine site, but rather than displaying the legitimate telephone number of the brand concerned, the fraudsters display the number they will be using in their attacks instead.

“The browser address bar will show that of the legitimate site, and so there’s no reason for suspicion,” Arntz warned. “The information the visitor sees will be misleading, because the search results have been poisoned to display the scammer’s number prominently in what looks like an official search result.” Malwarebytes has a “Browser Guard” extension that will display a warning, “Search Hijacking Detected,” in these circumstances.

DuckDuckGo Browser Update Could Help Amazon And Other Shoppers

You might also want to look at the browser that you use to access Amazon, especially as the privacy-centric DuckDuckGo has just updated its offering specifically with anti-scam protections that include online shopping threats.

Available and active as soon as you fire up the web browser, DuckDuckGo has a built-in Scam Blocker function that protects against phishing sites and malware. Of particular interest, and new in this latest update, is that it now also guards against “sham e-commerce sites, fake cryptocurrency exchanges, scareware that falsely claims your device has a virus, and other sites known to advertise fake products or services,” according to Peter Dolanjski from DuckDuckGo.

Find out more about how Amazon protects customers from scams and the best way to report an incident here.