Fake Amazon Prime membership renewal phishing — impersonates Amazon Prime annual renewal notices at $139–179, urges victim to "verify payment" or "cancel" via a link that harvests credentials or card details; Amazon is the #1 most impersonated brand globally (APWG Q4 2024); distinct from order-confirmation and account-suspension signals

Phishing emails impersonating Amazon Prime annual membership renewal notices — claiming the victim's Prime membership auto-renewed at $139–179, or that a payment failed and the membership will be cancelled, with a link to "verify payment," "cancel," or "dispute the charge" that harvests Amazon credentials or payment card details. Key facts: (1) APWG Q4 2024 Phishing Activity Trends Report: Amazon is the single most impersonated brand globally, accounting for 14%+ of all brand-phishing emails; Prime membership renewal lures are categorically distinct from the also-common Amazon order-confirmation and account-suspension lures, targeting a different fear (unexpected subscription charge vs. unauthorized purchase); (2) The $139–179 price point is deliberately accurate to Amazon's real Prime membership fee — scammers update the amount annually to match the current price, making the email far more convincing than generic "your subscription is expiring" messages; (3) FTC 2024: impersonation scams using Amazon's brand caused $660M in reported losses — the highest dollar amount for any single brand impersonation; (4) Legitimate Amazon Prime renewal notices arrive exclusively from @amazon.com addresses, include the last 4 digits of the payment method on file, deep-link to amazon.com/prime/account, and always include a List-Unsubscribe header — they never instruct customers to call a toll-free number and never send billing dispute links to non-Amazon domains. Warning signs: sender domain not amazon.com, no last-4-digits of payment method, link to a non-Amazon domain, urgency about "dispute within 24 hours," missing List-Unsubscribe header on a renewal email.