Fake Amazon Shopping App Download Scam
Criminals distribute counterfeit Amazon shopping apps through phishing SMS links and unofficial app stores that look identical to the genuine app but harvest Amazon login credentials, payment card data, and device permissions.
Part of: Fake App Downloads
Last reviewed: 8 June 2026
Amazon's mobile app is one of the most-downloaded shopping apps globally, and its near-ubiquitous installation on smartphones makes it an ideal identity for fake-app campaigns. A counterfeit Amazon app that closely replicates the genuine interface will not raise suspicion when launched — the familiar orange interface and search bar feel entirely expected.
Fake Amazon apps are distributed through phishing SMS messages claiming a package delivery issue, a deal that is only accessible through a link, or an account security requirement. The link leads to a download page that may mimic the Google Play or App Store listing, encouraging Android users to sideload or iOS users to install through a provisioning profile.
Once installed, the fake app captures Amazon login credentials, payment card details entered for purchases, and in some cases requests device permissions — camera, contacts, SMS — that enable deeper data harvesting beyond the Amazon account itself.
How this scam works on the Amazon brand
A victim receives a text claiming their Amazon order has a delivery issue that requires them to download the latest Amazon app to reschedule. The link opens a page that resembles the Google Play listing for Amazon Shopping, with convincing screenshots and fake reviews. Android users are invited to allow installation from this source; the download is a malicious APK.
When the victim opens the fake app and signs in, their Amazon credentials are silently sent to the attacker while the fake app may show an error or redirect to the real amazon.com — enough to explain away the unusual experience. With credentials in hand, the attacker accesses saved payment methods and places orders to reshipping addresses.
Some variants install spyware that persists on the device. The spyware monitors all entered credentials across any app, turning a single Amazon credential capture into a long-term device compromise affecting banking, email, and social media.
Common red flags
- A text or email about an Amazon delivery issue includes a link to download an app rather than directing you to your account
- The download link leads to a page outside the official App Store or Google Play — even if it looks similar
- The app requests permissions unrelated to shopping: SMS access, contact reading, or device administrator rights
- After signing in, the app shows a loading error or immediately redirects to amazon.com in a browser
- You receive genuine Amazon two-factor codes you did not request, suggesting the fake app is logging in to your real account in the background
- Unrecognised Amazon orders appear on your account, or your saved payment method has been used without your action
How to protect yourself
- Download the Amazon app only from the official Apple App Store or Google Play Store, searching directly by name
- Enable Amazon two-factor verification so credential theft alone cannot access your account
- Review your Amazon account's saved payment methods and recent orders regularly for unrecognised activity
- Disable sideloading on Android by keeping 'Install unknown apps' disabled in security settings
- Check the app publisher name after installing — the genuine Amazon app is published by Amazon Mobile LLC
- If you receive an unexpected Amazon two-factor code, treat it as an active takeover attempt and change your password immediately
How to report it
- Report the fake app to Amazon at [email protected] and via the Report Phishing link on amazon.com
- Report the malicious app to Google Play or Apple App Store using their abuse reporting channels
- File a complaint with the FTC at reportfraud.ftc.gov
- If device compromise is suspected, reset the phone to factory settings and change passwords for all accounts accessed on the device
Frequently asked questions
What makes a fake Amazon app hard to detect?
High-quality fakes replicate the genuine interface precisely, including the orange colour scheme, search functionality, and product imagery. The tell is where you downloaded it from and what permissions it requests.
I installed a suspicious Amazon app and signed in. What should I do?
Immediately change your Amazon password, revoke all active sessions in Amazon account security settings, review saved payment methods, and run a security scan on your device. Contact your bank if any fraudulent charges appear.
Can the fake app infect my phone beyond the Amazon account?
More sophisticated variants install spyware that persists after uninstalling the fake app. If you suspect device-level compromise, perform a factory reset and reinstall only apps from official stores.