Prime Video Scam
Categories

Prime Video Scam Emails Use Fake Payment Alerts to Steal Personal and Financial Information

A growing wave of Prime Video scam emails is spreading across inboxes in 2025, using urgent payment warnings, mismatched branding, and fraudulent landing pages to trick recipients into clicking malicious links. In many cases, the email appears to come from Prime Video, but the wording references a “Netflix account,” or the message shows Netflix styling while claiming your Prime Video subscription is about to be cancelled. This blending of two major streaming brands is not an accident. It signals a large-scale phishing operation built on recycled templates, stolen graphics, and rotating domains that funnel users into fake security alerts, survey scams, and reward pages designed to harvest personal information and payment card details.

The structure of this Prime Video scam varies by victim. Some users receive messages claiming their Prime Video order failed, that their subscription payment was declined, or that their account will be deactivated within hours. Others receive simplified notifications urging them to “restore access” or “fix payment errors.” The sender names change constantly, including fake variations of Netflix, Prime Video, Amazon, or generic terms like “Customer Support.” None of these emails come from official sources. The senders, domains, and landing pages in this campaign are not associated with Netflix, Amazon, or Prime Video.

How the Prime Video Scam Email Works

prime video opps your payment didnt go through email scam

Although the exact email content may differ, the core pattern remains consistent. The scam begins with a message that attempts to create urgency and pressure the recipient into clicking a link. A common example states:

“[your email] Your Prime Video account will be deactivated today due to non payment. Take action to avoid service interruption.”

The email is sent from an unrelated address such as CkAwRyWhbC@rice.alamantyri.com or fUGwlukncU@biffalojp.com. These domains have no connection to Amazon or Netflix. The scammers rely on brand familiarity rather than technical accuracy. They understand that many users subscribe to at least one major streaming service, and a sudden threat of losing access may cause panic clicking.

The message typically contains a large button or embedded promotional image. Clicking it does not take users to Amazon, Prime Video, or Netflix. Instead, the link directs them to an IP style redirect, such as:

http://119-235-254-100.medbook.ucsc.edu/sdfqsdfqdfgssdfh.html

IP based URLs are popular in phishing campaigns because they are cheap, easy to replace, and often bypass basic domain reputation filters. Once opened, the redirect loads the first fraudulent page.

Fake Account Alert Page

After clicking the email link, users are shown a fake account alert page. In the sample observed, the page mimicked Netflix red styling even though the email referenced Prime Video. This reflects how scammers reuse old templates, swap logos, and mix elements from different companies without fully updating the content.

The fake alert page usually includes the following elements:

  • Brand logos such as Netflix or Prime Video placed at the top
  • A warning about deactivation, cancellation, or failed payment
  • A claim that service will stop “today” unless action is taken
  • A prominent button to “Update payment” or “Verify account”
  • Spelling inconsistencies or mismatched terminology
  • IP style URL or unfamiliar domain in the address bar

The purpose of this page is not accuracy. It is pressure. Scammers want victims to act quickly and follow the phishing funnel without examining the URL or noticing inconsistencies.

From Fake Alerts to Rewards and Surveys

After clicking through the fake account page, victims are often redirected into generic reward or survey websites. These pages may claim that the visitor has won a prize, that they qualify for an exclusive offer, or that they must complete a short questionnaire to continue. These transitions have nothing to do with Netflix, Amazon, or Prime Video. They are part of a larger affiliate driven fraud network that monetizes stolen data, harvested emails, and payment card details.

Examples of elements found on these pages include:

  • Headlines such as “Congratulations, you are the lucky winner”
  • Gift graphics, timers, and progress bars
  • Survey questions unrelated to any real streaming service
  • Popups offering steaks, coolers, toolkits, or tech devices
  • Checkout forms requiring full personal information

One related scam we previously documented used the same flow for a Starbucks themed giveaway: The Starbucks Yeti Rambler Tumbler Reward Scam Uses Fake Emails to Steal Credit Card Information. The structure is nearly identical. Only the branding and bait change.

Why the Email Mixes Prime Video and Netflix

The most notable trait of this scam is the inconsistent use of brand names. A message that claims to be from Netflix may warn about a Prime Video subscription. A message from Prime Video may redirect to templates styled like Netflix. This inconsistency is not a glitch. It is intentional laziness combined with broad targeting. Several factors contribute to this mismatch:

  • Recycled phishing templates. Scammers reuse old Amazon or Netflix phishing pages and simply paste new logos onto them. Many forget to update the wording.
  • Brand blurring. Attackers assume many users subscribe to at least one major streaming service. Referencing two brands at once increases the chance that something looks familiar enough to click.
  • Targeting a wider audience. Combining Netflix imagery with Prime Video text appeals to both subscriber groups at once. The more confusion, the more clicks.
  • Lack of knowledge. Some scam groups outside the US may not fully understand the difference between services, especially when using auto translated templates.

A legitimate company would never mix terminology this way. Any message that references two unrelated streaming services is an immediate red flag.

Red Flags That Identify This Prime Video Scam

While the formatting varies, most versions of the Prime Video scam share clear warning signs. These include:

  • Sender addresses from unrelated domains
  • Brand mismatch between email, text, and landing pages
  • Urgent threats of cancellation “today”
  • Unfamiliar URLs, IP addresses, or strange hostnames
  • Lack of personalization beyond your email
  • Reward offers or surveys appearing after clicking
  • Requests for extensive personal information
  • Fake checkout pages asking for card details

If any of these appear, the safest action is to close the email and visit your account through the official website or app.

Domains and Technical Infrastructure Used in the Scam

This phishing operation uses rotating IP addresses and disposable domains. The purpose is to maintain uptime while avoiding filters. A sample email linked to:

119-235-254-100.medbook.ucsc.edu

From there, traffic moved to generic reward pages. Many of these domains were freshly registered, used privacy protection services, and were hosted with providers known for short lived marketing funnels.

A WHOIS Lookup for similar pages typically shows:

  • Recent registration dates
  • Obscured ownership information
  • Cloud based hosting designed for mass redirects
  • No connection to Amazon, Netflix, or any streaming provider

The infrastructure behind the Prime Video scam is intentionally disposable. Once a URL is blocked, the operators simply replace it with a new one.

How to Protect Yourself from the Prime Video Scam

You can avoid falling for this scam by following a few essential precautions:

  • Never click a link in an unexpected streaming service email
  • Check the sender address for authenticity
  • Look for brand consistency between text and images
  • Navigate to your account manually instead of using email links
  • Be skeptical of rewards or surprise offers
  • Check payment status directly in your Amazon or Netflix account
  • Use security tools that block phishing domains

If anything looks out of place, assume the message is fraudulent.

What to Do If You Clicked the Link

If you interacted with a Prime Video scam email, act quickly:

  • Change your Amazon and Netflix passwords
  • Enable two factor authentication
  • Check your Prime Video payment settings for unauthorized changes
  • Notify your bank if you entered card information
  • Monitor account activity for unusual logins or charges
  • Scan your device with a trusted security tool such as Malwarebytes

Most damage can be contained early if you respond fast.

How to Report the Prime Video Scam

You can report these phishing emails through several channels:

  • Use your email provider’s phishing report feature
  • Report Prime themed versions to Amazon
  • Report Netflix branded versions to Netflix
  • Submit fraud reports to the FTC
  • File complaints with IC3 if you suffered financial loss

Scams spread quickly, so reporting helps limit future victims.

Written by

Sean Doyle

Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.

More Reading

Post navigation

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.