Researchers caution that almost 7,000 counterfeit Amazon domains have been registered in anticipation of Prime Day 2026.

Researchers caution that almost 7,000 counterfeit Amazon domains have been registered in anticipation of Prime Day 2026.

      TL;DR: Check Point discovered 6,843 counterfeit Amazon domains prior to Prime Day, with phishing emails and fake storefronts targeting consumers in 22 nations. Cybersecurity experts have found nearly 7,000 fraudulent Amazon-related domains registered within the six months leading up to Prime Day 2026, starting on June 23. Check Point Research monitored 6,843 new domains created from December 2025 to May 2026, noting a spike to 1,446 registrations in April, followed by 1,267 in May. Of these, 9.2% were deemed malicious or questionable. The rate of fraud increased significantly in early June; during the first week, one out of every 13 new Amazon-themed domains was flagged, as per Check Point’s findings.

      Prime Day 2026 is scheduled from June 23 to 26 across 22 countries, with four more regions joining later in the summer, according to Amazon's official event page. The extended four-day period and its global scope make it an attractive target for phishing attacks, reminiscent of patterns observed during the FIFA World Cup, which saw over 13,000 fraudulent domains emerge in the months leading up to the event.

      The phishing operations involve counterfeit Amazon storefronts to capture credit card information, fake login pages designed to steal account details, and email campaigns with subjects like “Refund Due, Amazon System Error” that lead recipients to phony websites. One campaign identified by Check Point utilized a sender address that closely mimicked Amazon’s customer service domain, making it difficult for casual inspections to detect.

      A significant number were aimed at Spanish-speaking consumers. Check Point discovered 46 domains registered with the “amazoncredito” pattern, all linked to one registrant, targeting Latin American markets where Amazon is expanding its Prime services. Five out of six “amazon-prime” top-level domain variants had already been classified as malicious at the time of the report.

      While these tactics are not new, their scale continues to increase. Google recently filed a lawsuit against a Chinese cybercriminal group using AI to create phishing code and operating one million fraudulent domains, showcasing the low cost and high automation of domain-based fraud. Check Point’s findings indicate that Amazon-themed schemes are following a similar industrial pattern, with thousands of domains registered months in advance and activated as major shopping events draw near.

      Check Point advised consumers to type amazon.com directly into their browsers instead of clicking links in emails or advertisements, enable two-factor authentication on their Amazon accounts, and regard any unsolicited refund notifications as suspicious. They also recommended checking for HTTPS and padlock icons, although they noted that fraudulent sites increasingly employ valid SSL certificates to seem legitimate.

      The timing is crucial since Prime Day has evolved into one of the largest online shopping events worldwide, generating billions in revenue and attracting millions of first-time buyers who may not be well-versed in phishing risks. Amazon has not provided any public response to Check Point’s findings.

Other articles

Google allocates $75 million to A24 as DeepMind initiates a research partnership focused on AI filmmaking. Google allocates $75 million to A24 as DeepMind initiates a research partnership focused on AI filmmaking. Google is investing about $75 million in A24, the independent studio responsible for Backrooms, as part of a new collaboration with its DeepMind AI laboratory. Instagram is making its way into your living room with episodic series and live TV on Samsung devices. Instagram is making its way into your living room with episodic series and live TV on Samsung devices. Instagram for TV is broadening its reach to Samsung smart TVs and is experimenting with episodic series, live broadcasts, and horizontal video as Meta aims to enter the living room market. Google has invested $75 million in A24 as DeepMind initiates a research partnership focused on AI in filmmaking. Google has invested $75 million in A24 as DeepMind initiates a research partnership focused on AI in filmmaking. Google is investing approximately $75 million in A24, the independent studio responsible for Backrooms, as part of a new collaboration with its DeepMind AI laboratory. Kodak Charmera is launching a new $30 keychain camera that features a flip screen for taking selfies. Kodak Charmera is launching a new $30 keychain camera that features a flip screen for taking selfies. Yashica’s Funtastic Keychain Camera is a compact digital camera featuring a 180-degree flip screen, a 1MP sensor, USB-C charging, and a variety of character-themed designs. Researchers have warned that almost 7,000 counterfeit Amazon domains have been registered in anticipation of Prime Day 2026. Researchers have warned that almost 7,000 counterfeit Amazon domains have been registered in anticipation of Prime Day 2026. Check Point Research observed 6,843 newly registered Amazon-themed domains since December, with one out of every 13 identified as malicious in just the first week of June. Nothing's most recent teaser implies that its budget lineup isn't finished; it's merely undergoing a rebranding. Nothing's most recent teaser implies that its budget lineup isn't finished; it's merely undergoing a rebranding. Soon after putting a CMF budget phone on hold, Nothing has hinted at a possible successor named the Nothing Phone 4b.

Researchers caution that almost 7,000 counterfeit Amazon domains have been registered in anticipation of Prime Day 2026.

Check Point Research identified 6,843 new domains related to Amazon since December, with one out of every 13 being marked as malicious in just the first week of June.