Amazon Prime users are being warned about a spike in phishing scams where attackers impersonate the company to steal sensitive data such as bank details, login credentials and social security numbers, the New York Post said, citing a top Amazon official.

In a statement earlier this month, Amazon said it had taken down over 55,000 phishing websites and 12,000 phone numbers used in impersonation scams in 2024 alone. The company noted a marked rise in such attempts, especially around fake emails and texts linked to account or order issues.

“Scammers who attempt to impersonate Amazon put consumers at risk," said Dharmesh Mehta, vice president of Selling Partner Services, while speaking to the New York Post. “Although these scams take place outside our store, we will continue to invest in protecting consumers and educating the public on how to avoid scams."

Many of these scams involve emails, texts or calls claiming the user made a purchase they don’t recall, prompting them to share personal details to “verify" the order. According to Malwarebytes, some fake emails also falsely claim that a user’s Prime subscription will auto-renew at a high price, including a bogus “cancel subscription" button that redirects to a fake Amazon login page.

If users enter their details on such pages, scammers can access not just their Amazon account, but any other platform using the same credentials. In some cases, users are also asked to share payment information.

Amazon said it is rolling out measures to help users verify authentic communication. Gmail, Yahoo, and other major email users will now see the Amazon smile logo beside genuine emails. The company also reiterated that it will never ask for payments over the phone or email, and never request gift card purchases.

Users are advised to double-check purchase history on the official Amazon app or website and report suspicious activity directly to the company.