2019 Amazon Prime Day Offers: Real or Fake?

Amazon Prime Day 2019 is nearly upon us, and with it, the annual uptick in cyber threats.  The shopping juggernaut starts at 12a.m. PST, Monday, July 15 and ends at 11:59 PST, Tuesday July 16th.  The blitz of promotional emails, online ads, and blogs linked to special deals are not only irresistible to shoppers, but to hackers who feed on high emotions and a sense of urgency.

Here’s the rundown for what to watch out for and what steps can be taken.

Megadeals and Cyber Steals 

Last year, Prime Day pulled in nearly as much in sales as Black Friday, with a flood of discounts on products people suddenly realized they could not live without. After all, who doesn’t need a Segway, iRobot Roomba Vacuum or Thermal Imaging Camera.

With millions of Prime members shopping (inevitably on company networks and devices), phishing threats and online scams pose a threat not only to individual shoppers, but to entire organizations.  Here's one example of a phishing email from last year.

Prime Image 1

Red Flags

If you look at the "From" field above, you will see that this email is obviously not from Amazon. The risk to employers is that employees aren't paying attention to anything other than the fake lure of a $100 credit. This is why security awareness education is so critical. Programs like Phishgoggles.com teach staff how to identify and avoid online scams and through repetition and reinforcement, make awareness instinctual. 

There are other red flags that a communication from Amazon is suspect. Amazon will never ask for the following information in an email:

  • Your bank account information
  • Credit card number
  • PIN number
  • Credit card security code

What to look for in a phishing email or online scam?

Grammatical and Typographical Errors

A legitimate email from Amazon will be error free. Consider any typos and grammar errors a clear indication that the email is malicious.

The Return/Sender address

All authentic Amazon emails will be sent from an email address ending in “@Amazon.com” or an Amazon landing page with a special offer. It is risky to click on what looks like a landing page, because it could be a page replicated by a hacker, and assigned a close, but not real, domain name.

Website Link Previews

Most of the time you can preview a website or email link simply by hovering over the text or button. If the website domain name doesn’t include “Amazon.com” it is not likely to be legitimate.

Amazon Hacker Website Examples*:
  • Sellercentral.amazon.com
  • Security-amazon.com
  • Amazon.com.biz
  • Amazon-mail.com

*Info sourced from: https://sellercentral.amazon.com/gp/help/external/32261?language=en-US&ref=mpbc_15362281_cont_32261

Even a legitimate-looking link can open a website with a different URL. If you click an “official” link and the website loads something else, click away immediately and report the link to Amazon. If you are at the office, report the possible threat to your IT contact. If you are at home, make sure you have anti-virus and anti-malware software on the device you are using to shop before you shop.  

Straight to the Source

Don’t let a tempting promotion obscure your common sense. If you’re curious about a deal offered in an Amazon email, simply go straight to the official website. Any legitimate deal will be promoted on the site.

One last bit of advice: it’s best to do your shopping before or after office hours. If you are caught in a scam, the impact may be bad, but not as bad as bringing down your IT infrastructure at work.


Request our Top 10 Security Awareness Tips


If you’ve found this information helpful, be sure to share this post with the links below.

Marjorie Valin

Marjorie Valin, our VP of Marketing, brings 25 years of marketing and communications expertise to Summit and our clients, across multiple industry sectors including cyber security, associations and nonprofits, higher education, healthcare, financial and legal services. She helps define, direct and implement marketing strategy, content development, social media and communications based on business and branding objectives. From Fortune 500 companies to startups, Marjorie provides our clients with a depth of consulting expertise that extends well beyond IT and security.

Related Posts


Sign up for Our Blogs

Latest blogs