The Weekly Breach Breakdown Podcast by ITRC: Prime Target - S6E23

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for August 1, 2025. I’m Timothy Walden. Thanks to SentiLink for their support of the ITRC and this podcast. Each week, we examine the latest events and trends in data security and privacy. This week, we’re looking at an Amazon phishing scam that could impact more than 200 million Amazon Prime members. It’s the latest version of a phishing attack that tries to trick you into handing over your login credentials, payment information and more. 

Last month, Amazon sent a warning to its customers about a surge in fake emails related to Prime membership renewals. These emails look like they’re from Amazon and say your Prime subscription is about to renew at a higher price than expected. To fix the issue, the email includes a button that says, “Cancel Subscription.” 

Here’s the problem: that button doesn’t take you to Amazon. Instead, it takes you to a very convincing fake login page. If you enter your username and password there, you’ve just given the scammer everything they need to access your Amazon account. 

From there, they can make purchases, collect your saved payment details and, if you reuse the same password on other accounts, they can break into those as well. Some fake sites even go a step further and ask for additional personal or payment information, which scammers can use immediately or sell to other criminals. 

Amazon says these fake emails are part of a bigger pattern. Over the years, scammers have impersonated the company with bogus refund offers, calls claiming your account has been hacked and other tricks. The goal is always the same: to get you to click, log in or share information. 

What can you do to avoid falling for this Amazon phishing scam? 

• Never click on links in unexpected emails or texts. If you’re not sure if a message is real, go directly to Amazon.com, log into your account and check your Prime status from there. 
• Use Amazon’s Message Center. If Amazon needs to contact you, the message will also appear there, not just in your email inbox. 
• Report suspicious emails or messages to Amazon.  
• Set up multi-factor authentication (MFA) on your Amazon account. Even if someone does steal your password, that extra layer makes it harder for them to log in. 

If you think you may have already fallen for an Amazon phishing scam, act quickly. Change your Amazon password and any other accounts where you used the same one. Then monitor your credit card and bank statements closely and report any suspicious charges right away.  

Also, if you haven’t already, freeze your credit because that blocks someone from misusing your credit. It’s free, easy, and doesn’t impact your credit score. Go to the ITRC’s credit freeze website – FrozenPii.com – to learn more. 

Phishing scams work because they create a sense of urgency and use trusted names, like Amazon, to get your attention. Taking a few extra seconds to stop and verify a message before you act is often enough to avoid becoming a victim. 

If you have questions about how to protect your information or if you suspect you’ve been impacted by an Amazon phishing scam or any other type of identity-related crime, the ITRC is here to help. You can speak with an expert advisor by phone or text, chat live on our website or send us an email during our regular business hours (6 a.m. to 5 p.m. PT). Just visit www.idtheftcenter.org to get started. 

Thanks again to Sentilink for their continued support of the ITRC and this podcast. Please like this episode and subscribe wherever you get your podcasts. We’ll be back next week with another episode of the Weekly Breach Breakdown. I’m Tim Walden. Until then, thanks for listening.