Update, June 21, 2025: This story, originally published on June 19, has been updated to include more advice from Amazon concerning safeguarding access to the account as Prime Day fast approaches, a worrying move by attackers to trick potential victims, as well as details of an anti-scam web browser you might like to try when shopping online.

If there’s one truism above all others when it comes to cybercriminal hackers, it has to be that they follow the money and the crowd. That is why we see so many attacks that target the likes of Gmail accounts, the Microsoft Windows operating system and, most recently, Facebook passwords. Amazon, as you might expect given its status in the world of online retail, is not immune to this attention. With the retail giant announcing that this year’s Prime Day sales will span four days in July, hackers will already be making their nefarious plans. The badness is that last year, Prime Day attacks increased by 80% over the year before. The good news is that Amazon is ready. Here’s what you need to know.

Forbes16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now

You couldn’t make this up. As I was writing this very article, I received a call from a scammer impersonating Amazon, asking if I had ordered an iPhone 13. Yes, seriously. Precisely the kind of threat that Amazon is warning about, at precisely the moment that I write about hackers making their plans for this year. Obviously, I didn’t fall for it, and neither will you if you take the advice from Amazon that follows shortly.

As Amazon has now confirmed that Prime Day 2025 will take place July 8 through July 11, you can expect to be on the end of such calls, text messages and emails yourself. An Amazon spokesperson told me that “as deals drop, consumers may also drop their guards, making them more susceptible to scams.” And Amazon has the numbers to make the hairs on your back stand up to support this: “In the weeks surrounding Prime Day in 2024,” the spokesperson said, “Amazon customers reported an 80% increase in all impersonation scams that claimed there was an issue with their account.”

Unsurprisingly, as in my case, the top threat tactics included claiming to be from Amazon support and warning that there was a problem with your order, account, or payment. “Impersonation scams via phone calls,” Amazon said, “more than doubled during Prime Day” last year.

ForbesUse These Secret Gmail Addresses To Prevent Hack Attacks — Here’s HowBy Davey Winder

Amazon has shared the following advice for shoppers, both before and during the Prime Day 2025 sales, on how to stay safe from brand impersonation hackers:

ForbesAI Is Behind 50% Of Spam — And Now It’s Hacking Your AccountsBy Davey Winder

One of the pieces of advice that many cybersecurity professionals will proffer is to trust nothing and verify everything. If someone calls you pretending to be from a vendor, supplier, or brand, then check that the number they are calling from is genuine, they advise. Tell the caller you will hang up and call them back, they say. To do this, you can Google the organisation and get the number, they recommend. They are wrong, and here’s just one reason, of many, why.

A new report from Malwarebytes has revealed how brand-impersonation scammers are poisoning search engines with fake listings. Nothing particularly new there, the cybercriminals have been doing this for years. The latest attacks, as evidenced by real-world fraud attempts that have been uncovered by Jérôme Segura, senior director of research at Malwarebytes, start with sponsored search results on Google.

These results take people to fake support sites, with Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal mentioned specifically in the report.

“In the cases we recently found,” report author, Pieter Arntz, said, “the visitor is taken to the legitimate site with a small difference.” That difference is that they land at the help or support section of what appears to be the genuine site, but rather than displaying the legitimate telephone number of the brand concerned, the fraudsters display the number they will be using in their attacks instead.

“The browser address bar will show that of the legitimate site, and so there’s no reason for suspicion,” Arntz warned. “The information the visitor sees will be misleading, because the search results have been poisoned to display the scammer’s number prominently in what looks like an official search result.” Malwarebytes has a “Browser Guard” extension that will display a warning, “Search Hijacking Detected,” in these circumstances.

ForbesCritical Google Messages Security Update For 1 Billion Users ConfirmedBy Davey Winder

You might also want to look at the browser that you use to access Amazon, especially as the privacy-centric DuckDuckGo has just updated its offering specifically with anti-scam protections that include online shopping threats.

Available and active as soon as you fire up the web browser, DuckDuckGo has a built-in Scam Blocker function that protects against phishing sites and malware. Of particular interest, and new in this latest update, is that it now also guards against “sham e-commerce sites, fake cryptocurrency exchanges, scareware that falsely claims your device has a virus, and other sites known to advertise fake products or services,” according to Peter Dolanjski from DuckDuckGo.

Find out more about how Amazon protects customers from scams and the best way to report an incident here.

ForbesFBI Warns Smartphone Users — Do Not Click On SMS LinksBy Davey Winder