Researchers have warned that almost 7,000 counterfeit Amazon domains have been registered in anticipation of Prime Day 2026.
TL;DR: Check Point discovered 6,843 counterfeit Amazon domains prior to Prime Day, with phishing emails and fake storefronts targeting consumers in 22 countries.
Cybersecurity experts reported almost 7,000 fraudulent Amazon-related domains registered in the six months leading up to Prime Day 2026, which starts on June 23. Check Point Research tracked 6,843 new domains created from December 2025 to May 2026, with a peak of 1,446 registrations in April and 1,267 in May.
Of these, 9.2 percent were identified as malicious or suspicious. The rate sharply increased in early June, with one in every 13 new Amazon-themed domains flagged in the first week of the month, according to Check Point’s analysis.
Prime Day 2026 is scheduled from June 23 to 26 across 22 countries, with four additional markets joining later in the summer, as stated on Amazon’s official event page. The four-day event and its global scope make it a high-value target for phishing schemes, similar to patterns observed during the FIFA World Cup, which saw over 13,000 fraudulent domains emerge in the months prior.
The phishing operations include fake Amazon storefronts aimed at collecting credit card information, spoofed login pages to steal account credentials, and email campaigns with subject lines like “Refund Due, Amazon System Error” that lead recipients to counterfeit websites. Check Point highlighted one campaign that used a sender address closely resembling Amazon’s customer service domain, allowing it to evade casual scrutiny.
A significant number of domains targeted Spanish-speaking shoppers. Check Point found 46 domains registered under the “amazoncredito” pattern, all linked to a single registrant and focusing on Latin American markets where Amazon is expanding its Prime membership. At the time of the report, five of six “amazon-prime” top-level domain variants had already been labeled as malicious.
While these tactics are not new, their scale is increasing. Google recently sued a Chinese cybercrime ring that employed AI to create phishing code and operated one million fraudulent domains, highlighting the ease and automation of domain-based fraud. Check Point’s findings suggest that operations related to Amazon follow a similar industrial trend, with thousands of domains registered months in advance and activated as shopping events approach.
Check Point recommended that shoppers enter amazon.com directly into their browser instead of clicking on links in emails or advertisements, enable two-factor authentication on their Amazon accounts, and be cautious of any unsolicited refund notifications. The company also advised checking for HTTPS and padlock icons, although it noted that fraudulent sites are increasingly using valid SSL certificates to seem legitimate.
The timing matters because Prime Day has evolved into one of the largest online shopping events worldwide, generating billions in revenue and attracting millions of first-time deal seekers who may be less aware of phishing strategies. Amazon has not publicly addressed Check Point’s findings.
