The NJCCIC identified a campaign that mimics Amazon Prime membership renewal notices. These messages claim the current payment method on file is invalid and set a short deadline for renewal. Although the email’s display name appears as “Prime Notification,” the actual email address is not associated with Amazon. An Amazon Prime logo is included in the email to add legitimacy.

The messages include a URL that directs users to a fake Amazon authentication page, followed by a page that claims the account owner needs to be verified before continuing with the renewal. If users click the “Continue Verification” button, they will be directed to a site designed to harvest their credentials, payment details, and personally identifiable information (PII).

Recommendations

• Exercise caution with communications from known senders or legitimate platforms.
• Confirm requests from senders via contact information obtained from verified and official sources before taking action, such as clicking on links or opening attachments.
• Navigate directly to legitimate websites and verify before submitting account credentials, providing personal or financial information, or downloading files.
• Enable multi-factor authentication (MFA) and keep systems and browsers up to date.
• If sensitive information was entered, change passwords for compromised accounts, monitor for unauthorized activity, and review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources, including credit freezes.
• Users who submitted credit card information to this webpage are advised to contact their banking institutions to report any fraudulent transactions.
• Report malicious cyber activity to the NJCCIC and the FBI’s IC3.