Nearly 7,000 fake Amazon domains registered before Prime Day 2026, researchers warn
The TL;DR
Check Point found 6,843 fake Amazon domains ahead of Prime Day, with phishing emails and fake store locations targeting shoppers in 22 countries.
Cybersecurity investigators identified nearly 7,000 fraudulent Amazon domains registered in the six months leading up to Prime Day 2026, which begins on June 23. Check Point Research tracked 6,843 new domains created between December 2025 and May 2026, with registrations increasing to 1,446 in April and remaining high at 1,267 in May.
Of all the percentages, 9.2 percent were classified as malicious or suspicious. The level increased significantly at the beginning of June: during the first week of the month, one out of 13 newly registered domains with Amazon titles was flagged, according to Check Point’s analysis.
Prime Day 2026 runs from June 23 to 26 in 22 countries, with four additional markets joining later in the summer, according to Amazon’s official event page. The extended four-day window and global reach make it a prime target for phishing activities, following the same season’s playbook researchers wrote for the FIFA World Cup, where more than 13,000 fake domains appeared months before the games began.
💜 for EU tech
The latest talk from the EU tech scene, a story from our genius founder Boris, and some incredible AI art. It’s free, every week, in your inbox. Register now!
Phishing infrastructure includes fake Amazon stores designed to harvest credit card numbers, malicious login pages that steal account information, and email campaigns with subject lines like “Refund Due, Amazon System Error” that direct recipients to fake sites.” Check Point flagged one campaign using a sender address that mimicked Amazon’s customer service domain closely enough to pass standard checks.
A notable collection was aimed at Spanish-speaking consumers. Check Point identified 46 domains registered under “amazoncredito” pattern, all linked to one registered person and aimed at Latin American markets where Amazon has been expanding its core membership. Five out of six “amazon-prime” top-level domain variants had been defined as malicious at the time of the report.
The tactics are not new, but the quality keeps growing. Google recently sued a Chinese cybercrime ring that used AI to generate phishing code and used a million fake domains, showing just how cheap and automated domain-based fraud has become. Check Point’s findings suggest that Amazon’s themed activities follow a similar industry pattern, with thousands of domains registered months in advance and activated as shopping events approach.
Checkpoint recommended that shoppers type amazon.com directly into their browser rather than clicking links in emails or ads, enable two-factor authentication on their Amazon accounts, and treat any unsolicited return notice as suspicious. The company also advises checking for HTTPS icons and locks, although it notes that fake sites are increasingly using valid SSL certificates to appear legitimate.
The timing is important because Prime Day has become one of the biggest online shopping events in the world, bringing in billions in revenue and attracting millions of first-time hunters who may be less familiar with phishing tactics. Amazon has not publicly commented on Check Point’s findings.
