With Amazon Prime Day sales in full swing (running across July 8–11), and with 1 in 5 adults who encounter online scams losing money, there are parallels that consumers need to be aware of.
To assess the current level of risk, Digital Journal canvassed three cybersecurity experts on what to watch out for while shopping.
The first up is Joshua McKenty, deepfake + AI fraud expert, former Chief Cloud Architect at NASA. McKenty places his focus on a new, specific threat: “It’s the season of Nemesis Prime, an evil clone of Optimus Prime in the Transformers universe, who makes insidious scam attacks on Amazon customers across text, email, and voice – often based on shipping and returns, refunds, account expiry, tariffs, or even claims your account has been hacked.”
New forms of attack
He also notes that threats are ever changing: “These scams aren’t last year’s models, so don’t expect spelling mistakes or funky attachments. Nemesis is AI-powered, and fuelled by recent data breaches. They may know your name, your address – even your shoe size”.
In terms of advice, McKenty states: “Protect yourself by checking your Prime membership now, and make sure your address is set correctly and you have a good payment method saved.”
McKenty also recommends: “Set up a good call-blocking tool on your mobile phone, or consider setting “unknown numbers go to voicemail”. Add the real Prime support number to your contact list, and bookmark the real Amazon.com website.”
He concludes with: “Finally, warn your family members. Let them know that you’ll be “Prime timing” it, and that they should ignore any emails or text messages related to Prime, shipping, returns, or refunds. And never buy a gift card for a stranger.”
Malware delivery
Second is Dr. Darren Williams, pioneer of Anti Data Exfiltration (ADX) technology, expert in ransomware and data privacy, Founder and CEO at BlackFog.
Williams issues a general warning: “Amazon Prime Day is a goldmine for cybercriminals. The surge in promotional emails, limited-time offers, and high-volume online activity creates ideal conditions for phishing, malware delivery, and fraudulent transactions. What often begins as a simple consumer scam, like a fake delivery notification or a spoofed Amazon deal, can quickly escalate into credential theft and data exfiltration that puts entire enterprises at risk.”
To demonstrate this, Williams observes: In fact, the retail sector saw a 96% increase in ransomware attacks last year, underscoring how aggressively threat actors are targeting consumer-facing industries. We’re also seeing year-over-year growth in spoofed domains and malicious apps impersonating Amazon and its delivery partners. These threats don’t just exploit individual shoppers; they compromise trust in digital infrastructure.”
In terms of preventative actions, Williams advises: “Consumers and businesses need to heighten their vigilance. Be cautious of emails from unfamiliar or slightly altered domains, avoid clicking on promotional links directly from messages, and verify the legitimacy of apps before downloading. Ensuring devices are up to date and security solutions are active is essential, but so is educating users to spot the social engineering tactics that drive these attacks. Cybercriminals are counting on speed and distraction; security requires attention to detail and a Zero Trust mindset.”
Suspicious email
The third and final view comes from Julien Richard, VP of InfoSec of Lastwall, a leader in identity-first security and quantum-resilient solutions.
Richard similarly outlines the concerns: “Amazon Prime Day isn’t just a shopping event – it’s an opportunity for attackers. Most of us have seen at least one suspicious or fake email. Maybe it’s a delivery notice, a message from a trusted brand, or a vague work request with just enough urgency to make someone act before thinking. These used to be easier to spot. Now, they’re evolving.”
There are some attacks to be aware of: “The next wave of phishing is more subtle. A short note saying your package has arrived might not raise any red flags, especially around Prime Day. But it still gets the click. That’s the point. Attackers aren’t just spoofing big brands anymore; they’re mimicking the tone, timing, and casual language of real people. AI is making that easier – not to sound perfect, just believable enough.”
Further with email attack, Richard advises: “These emails won’t look suspicious, they’ll look like a regular Tuesday. The usual advice still applies, but vigilance matters more than ever.”
Here’s how to stay safe:
- Double-check email domains, not just the sender’s display name.
- Be cautious with routine-looking messages that contain links or attachments, especially during peak shopping events like Prime Day.
- Don’t reuse passwords across personal and work accounts. A breach in one can compromise both.
- Pause before you click. Phishing often succeeds not because it’s sophisticated, but because it’s well-timed.
