Cookie policy
Follow this topicFollow this topic Knowledge » Scams

Watch out for this Amazon scam!

Robert Powell
by Lovemoney Staff Robert Powell on 06 December 2011  |  Comments 37 comments

A phishing scam targeting Amazon customers is doing the rounds - find out how to avoid becoming a victim...

Watch out for this Amazon scam!

Phishing e-mails have been around for years, and as we all get wiser to them – the scammers are getting sneakier.

Phishing is where you receive an e-mail that appears to be from an online shop or financial institution asking you to confirm or reset your account details. The e-mail will usually provide a link that will take you to a site where you can input personal information. This is in fact a fake phishing site designed to pinch your details and defraud you.

E-mails purporting to be from banks and building societies are the most common form of phishing – but in the last year, a new type of scam e-mail has begun arriving in inboxes around the country...

The scam

Fraudsters are sending out masses of e-mails that at a first glance look like they are from the online retailer Amazon. They will come from an official looking address and will often have the Amazon logo on.

The e-mail will contain one of a selection of official sounding stories – all fake, of course! It may you tell that your credit card has been declined, or a recent order has been cancelled or that you need to re-register on Amazon due to an internal shake up.

There will be a link provided in the e-mail directing you to a website that looks like Amazon where you can re-register and input your card details to successfully complete your order. But this is the phishing site! If you do input any details they will be sent straight to the fraudster and you can kiss your gleaming credit record goodbye!

Obviously the fraudsters don’t know whether you shop at Amazon or not, as the e-mail is sent out to addresses at random. They’re basically betting on the fact that, because millions of people use the shopping site, a good chunk of their phishing e-mails will reach an Amazon customer.

Don’t become a victim

First off, e-mails from Amazon will never ask for personal information such as bank account and credit card details, pin numbers, passwords or VAT numbers. So if you do receive an e-mail purporting to be from Amazon that asks for any of these things – you know something isn’t right.

The same goes for payments – Amazon only uses its own marketplace tool to process transactions and card details. Check the URL of any link provided in an e-mail by hovering over the linked word with your mouse – genuine sites will always begin with http://www.amazon.co.uk, https://www.amazon.co.uk or http://s1.amazon.co.uk. If the URL contains combinations of words like security-amazon.co.uk or amazon.com.biz, then it’s probably a phishing site.

It’s also always worth checking the address the e-mail has been sent from. Genuine emails will end in either @amazon.co.uk or @amazon.com. Most scammers will use the word amazon in the e-mail address – but they will often end with name of another internet service provider, for example @hotmail.co.uk or @msn.com.

A poorly written e-mail with bad grammar and spelling mistakes is a further sign of a phishing scam, as they are often translated from another language and are not usually proofread. How the message addresses you may also be a further give away – needless to say alarm bells should ring if you receive an e-mail that begins ‘Dear Amazon customer...’!

The safest way to reliably check if an Amazon order has been cancelled is to go direct to amazon.co.uk, sign in using your password, and click onto your order history.

If you think you have received an Amazon scam e-mail, your best bet is to e-mail stop-spoofing@amazon.com and attach the suspicious e-mail.

Other phishing scams

Phishing e-mails pretending to be from financial institutions are very common; you can find out about one recent scam at Beware this new tax scam.

Many fraudsters are now also targeting PayPal, eBay and AOL users. These phishing e-mails will contain a similar bogus story to the Amazon e-mails – asking you to update or re-enter account details.

The AOL phishing e-mail is particularly sneaky, as the fraudster will often state that you will lose your e-mail address or internet connection if you don’t update your account in the next two days. But don’t fall for this threat – it’s just an attempt to scare you!

Just as with Amazon, AOL, PayPal, eBay and all banks will never ask for personal information over e-mail and they will certainly never use threatening language. For some further tips on how to avoid phishing fraud read Eight ways to spot a phishing scam.

The ‘unsubscribe’ scam

Amazon have also been warning customers never to click the unsubscribe link in an unknown e-mail, as many spammers use this to create a list of active accounts – which they will then bombard with more phishing e-mails.

If you do want to unsubscribe from an Amazon mailing, you should change your communication settings within your official account.

Let us know

Have you ever fallen for a phishing scam? Or have you received any particularly sneaky fraudulent e-mails that you think everyone should know about?

Share your thoughts in the comment box below.

This is a classic article from 2010, which has been updated.

More: Wise up women or get scammed silly online! Scammers exploiting protection meant for you!

 

Enjoyed this? Show it some love

Twitter
General

Comments (37)

  • JackJones
    Love rating 2
    JackJones said

    This article is HILARIOUS!!!! After telling us to NEVER click through links in emails (don't forget you got to here by following a link from a daily newsletter email) the author then embeds links to Amazon in the story!!

    It is because people like Love Money embed links that customers think they are OK to follow, which makes them even more susceptible to phishing attacks!

    For more information on my views please see my website www.sendmeyourbankdetailsplease.co.uk

    Nice try LoveMoney, but 0 out of 10 for basic intelligence.

    Report on 07 December 2010  |  Love thisLove  0 loves
  • richyrich
    Love rating 1
    richyrich said

    If ebay, Amazon or anybody else want anything from me then I can simply confirm that my typing in their www. web address and not following links, every time.

    I follow the Lovemoney links in my email because the real Lovemoney does not have my bank details, so a phishing email that asked me for financial details and purportrd to be from Lovemoney would ring alarm bells.

    Report on 07 December 2010  |  Love thisLove  0 loves
  • neilgorin
    Love rating 1
    neilgorin said

    Are you sure this site isn't the Mail or the Express?

    A problem blown out of all proportion, and YOU being a victim of fraud - since when did that affect your credit rating.

    Report on 07 December 2010  |  Love thisLove  1 love
  • electricblue
    Love rating 643
    electricblue said

    Yet again, up to the minute, incisive reporting - NOT !!

    'Doing the rounds recently' - well yes it has - but actually on and off for at least the last FOUR YEARS. This is simply an online version of the 'We tried to deliver a parcel' scam. 

    Report on 07 December 2010  |  Love thisLove  0 loves
  • petersimpson2000
    Love rating 0
    petersimpson2000 said

    Phone call I received recently started with " how do I pronounce your surname" and "your first name is ?" then progressed to "Do you still use on line banking?" I ws not that stupid and told him to go away!! then hung up

    Phishing in another form!

    Report on 07 December 2010  |  Love thisLove  0 loves
  • Oracle97
    Love rating 3
    Oracle97 said

    Not quite phishing but fraud just the same, and it applies to Amazon customers (as well as customers of other retailers), so I hope I'll be forgiven for mentioning it here.

    For a long time I've been hoping to find a way of letting people know that the cashback site, cashbacking.co.uk (NOT casbackkings.co.uk) must be making a fortune by inviting customers to make purchases through its site for cashback.

    But this is a cashback site that doesn't pay out.

    Having searched online I see I am not the only person to have found this out, but unfortunately nobody with any clout (not even lovemoney!) has pursued the matter, determined the extent of the problem and discouraged people from using cashbacking. Because I stopped as soon as I could see things were not right, I have not lost out by much, but as this is about the only cashback site to list Amazon, I suspect it may draw many customers and then rake in the comission for itself.

    Amazon has confirmed that cashbacking.co.uk is an 'associate', but does not seem concerned that its customers are being ripped off by this company. Please don't use it, and please spread the word. Are there others who have experienced cashbacking?

    Report on 07 December 2010  |  Love thisLove  1 love
  • grumpyoldman
    Love rating 0
    grumpyoldman said

    Dear JackJones,

    Where's your website www.sendmeyourbankdetailsplease.co.uk gone? You say 'never click through links' and then give us a URL. I copied and pasted, but it site isn't available. Was it ever? Or was it a clever double-bluff phish?

    Otherwise agree with your comments.

    Report on 07 December 2010  |  Love thisLove  0 loves
  • Palefire
    Love rating 10
    Palefire said

    For heaven's sake!! It's EASY!!! NEVER EVER EVER follow links!! It's that simple. Type the proper address into your browser, or Google it. And repeat this mantra "don't click on unsolicited emails, don't click on links, don't click on unsolicited emails, don't click on links........" etc etc ad infinitum.

    Same with phone calls where they say they're from Sky then ask you if you have a Sky box.

    Same with automated calls telling you you have a package in a depot you've never heard of, you just have to press 1 to give your financial life away.

    Same with pop ups claiming to have found a fault on your computer.

    Rule number one when you go out into the interweb is TRUST NOTHING!!!

    Are you writing these columns for 3 yearold children?

    Report on 07 December 2010  |  Love thisLove  0 loves
  • easygoing
    Love rating 156
    easygoing said

    No Palefire they are writing them for the people who are forced to use the internet and/or are new to it. Some people commenting on this site are arrogant enough to assume that everyone using the web is as savvy as they are or are stupid. It is hard to get anywhere these days without being cajoled or blackmailed into visiting 'our website'. Every day more people are taking the plunge and doing things that are alien to them. It is for these people that lovemoney articles are most useful. I say again to the complainers, if you know it all already why are you here? If you are here just to nitpick don't you have something better to do?

    Report on 07 December 2010  |  Love thisLove  2 loves
  • Mike10613
    Love rating 599
    Mike10613 said

    If you are in the UK and get an email from Amazon.com instead of Amazon.co.uk it is a SCAM! I was on Japanese site and by accident I clicked an advert - it directed me to the UK server; Amazon.co.uk. It is a poorly written article and should have been rejected by the editor; but young writers have to learn...

    Report on 07 December 2010  |  Love thisLove  0 loves
  • electricblue
    Love rating 643
    electricblue said

    easygoing - who gave you the brief on the purpose of these articles? Surely it's supposed to be a general interest blog with new information, not a re-hash of stuff which has been around for years. If the purpose of the site is to educate newbies there should be articles listing ALL the long running scams and email frauds and a general advice section for newcomers to the internet. People on here aren't patronising. I think most of us appreciate the genuine news and research, but for some time it seems that many of the interesting contributions come from responses to articles, not the supposed journalistic endeavour. 

    Report on 07 December 2010  |  Love thisLove  1 love
  • ticktock
    Love rating 34
    ticktock said

    Ouch!  This morning I had a mail from Amazon--- about an order placed last night saying that my card details did not go through, and to re-charge my card.

    It seems OK as I went through google to the Amazon site and it had the full details of my order plus my card details for me just to click on without entering further details. I shall have to wait and see but, I did call my credit card company first and they said why and what the problem was.

    Report on 07 December 2010  |  Love thisLove  0 loves
  • Palefire
    Love rating 10
    Palefire said

    I clicked through, http://www.lovemoney.com/profile/easygoing.aspx because I thought Lovemoney was telling us something new and useful about internet fraud. I then read an article that really ended up saying nothing that anyone who is careful couldn't figure out for themselves.

    No-one is "Forced to use the internet" and there are plenty of sources of information clearly entitled to attract new users. These are usually under headings such as "Internet do's and don't's for beginners" etc. This article should have been entitled "If you are new to the net, then read this to avoid being phished". Yet again, a headline article on a site that clearly wants to attract the savvy "Fools" as they are nicknamed, has turned out to be a lame rehash of old news.

    Report on 07 December 2010  |  Love thisLove  0 loves
  • JackJones
    Love rating 2
    JackJones said

    "Where's your website www.sendmeyourbankdetailsplease.co.uk gone? You say 'never click through links' and then give us a URL. "

    Sorry - my ironic post was too ironic for some. This was clearly not meant to be a real link - I thought the clue was in the website name!

    Report on 07 December 2010  |  Love thisLove  2 loves
  • JackJones
    Love rating 2
    JackJones said

    "Every day more people are taking the plunge and doing things that are alien to them. It is for these people that lovemoney articles are most useful."

    I have a really good idea for a phishing scam - I just need to send out emails from Lovemoney with embedded links, reminding readers to check that their online retailers are genuine sites. Then fill the articles with fake links and sit back and coin it in.

    The point I am making is that websites should NEVER encourage users to get used to the idea of clicking through a link to a site where you will then sign in to allow access to your personal details. 

    Report on 07 December 2010  |  Love thisLove  0 loves
  • leah AKA global leah
    Love rating 21
    leah AKA global leah said

    Firstly, I am so sick and tired of every single time I start reading comments on these articles and someone ALWAYS diss "lovemoney" for resending old news. Just because most of us knows the scamming, it doesn't mean everybody else do, so why not just give good inputs rather than continuing to diss this site!?!?!?!

    Sure, they are articles that's been sent to me that is irrelevant to me, but it doesn't mean that it is for everybody. I've had phishing emails from Ebay, Paypal, every single bank in UK as well as USA and Africa, DHL and even Royal Mail, not got one from Amazon just yet, but I'm sure it won't be long before I will. The easiest way to spot whether it is actually a phishing email is how the company addresses you. "Dear Miss X" will be a genuine one, but "Dear customer" will more than likely be some site that's trying to get your personal details.

    This may seem obvious to the people that has been using the internet for a while, but not the people that haven't, and this is merely a "warning" to newbies. Lovemoney has the ".com" address, but does that make it a fraudulent site?

    Report on 08 December 2010  |  Love thisLove  2 loves
  • The Bank Manager
    Love rating 72
    The Bank Manager said

    I agree with those bloggers who comment upon others that are knocking the story.

    Lovemoney is a site that I'm sure many new people link into every day/week, as well as those, who having apparently read all of the 're-hashed' stories, no longer have the site in their favourites.

    Look, if you don't like what's being reported, don't read it any further.

    I appreciate we live in a democracy and everyone has a right to voice an opinion, but if this were not the internet, would you be buying a paper each day and when you didn't like the article you read, you'd write to the Editor to express your dissatisfaction? Unlikely!

    Get off your negative 'I'm about to slag you off' bandwagons and if you don't agree with the content of the story, make a constructive argument, NOT a petty one.

    New readers (those that are much younger than some of the 'regular' bloggers) may just be finding out about these scams and when reviewing the negative comments made, may think that this site is simply pathetic, given the shallow banter and bitching going on.

    Let's stop this now please.

    I know that I'm going to be getting some stick for my own comments, but I'm at least being rational/practical. C'mon, I have broad shoulders....

    Report on 08 December 2010  |  Love thisLove  4 loves
  • msmoneywise
    Love rating 27
    msmoneywise said

    Hey, it's coming up to Christmas, children! NO fighting. If you have read it all before, stop when you see it is a repeat/rehash, OK? Someone else may be seeing it for the first time.

    I agree with global leah and the Bank Manager, don't nit-pick and stop criticising. Love-money do a good job and deserve some thanks for the service(s) they provide.

    Merry Christmas to all at Love Money, and a happy New Year. Let's hope 2011 brings more cheer than 2010 did.

    Report on 09 December 2010  |  Love thisLove  1 love
  • Donna Ferguson
    Love rating 130
    Donna Ferguson said

    Thank you for all your comments. I can see where some of you are coming from - it must be frustrating to think you're going to learn something new, only to find you know about it already. But I think this Amazon scam is very important to be aware of at Christmas, and as some of you have pointed out, we are trying to cater for a balance of old and new readers. Furthermore, we have a weekly scams blog where Tony Levene writes about the new scams he encounters every week. That is always full of fresh scams so we really are trying our best to keep you up-to-date on this topic.

    We wish you all a Merry Christmas as well and a Happy New Year too! :)

    Report on 09 December 2010  |  Love thisLove  1 love
  • philc
    Love rating 0
    philc said

    Did anyone else read the title and think it was Amazon doing the scamming? :-)

    Report on 09 December 2010  |  Love thisLove  0 loves
  • owainbaber
    Love rating 0
    owainbaber said

    ' Genuine emails will end in either @amazon.co.uk or @amazon.com. ' This isn't always true, anybody can set up a mail server, costing nothing, to send emails from these domains.

    Report on 09 December 2010  |  Love thisLove  0 loves
  • electricblue
    Love rating 643
    electricblue said

    Err no the emails will NOT be sent from those genuine domains, they will be sent using forged headers and the 'View source' option should enable you to see exactly what oddball domains were sent from.

    OK - let me make a constructive suggestion based on experience with many email systems and years of following through to try and have these scammers stopped :

    Use Googlemail as your email system, even if you have another email address point to your Googlemail account. I have found the spam and phishing detection in Google to be almost faultless and you can easily check the spam folder for the odd genuine message which gets trapped then quickly delete the plethora of emails from all those Nigerians and Russians. I've found that less than one in a hundred of these scam emails even gets through into my inbox now. You can, of course, use Googlemail with Outlook, Outlook Express or Thunderbird - or just leave it as on online service with all your messages archived. 

    Report on 09 December 2010  |  Love thisLove  0 loves
  • leah AKA global leah
    Love rating 21
    leah AKA global leah said

    Thing is, nowadays, links are so easily created to make it look real.. for example.

    www.amazon.co.uk  <--- This looks genuine doesn't it, but without clicking on it, just hover your mouse over it, and you will see that I have actually put a false address to it, it IS as easy as that. This is one of the easiest way to spot a false address.

    The scammers from Paypal are one of the good ones I've seen.  www.paypals.com  <--- again, please don't click on it, but since when Paypal has a "s"? It's little things like that some people don't pay attention, then end up giving details to someone that they would never in a million year otherwise.

    A few sites, including Paypal has now got a programme that you can download so when a genuine email comes from them, it has a green check on it, again, it is easy to know whether you have got a genuine or just phishing mails.

    Just to point out one new issue that I have encountered a few days ago, I had a bit of "problem" trying to redeem some nectar points, to which I wrote to nectar, I got a reply and got the problem solved very quickly, but yet the following day, I got not one, but two emails from "them", all gibberish, from me apparently and they only replied as a automated reply, so that just proves it's not just private email users that are getting phishing emails, big companies do too.

    Report on 10 December 2010  |  Love thisLove  0 loves
  • whitedream75
    Love rating 1
    whitedream75 said

    @leah AKA global leah - Well done! You have done what I was about to do as I was reading the comments from people who simply have little idea how email scams work.

    Just because it says one thing doesn't mean its true. The entire message is text - including the header, which says who it is from, etc.

    The best advice I can give you is this:

    Do not trust any email from anyone. Treat all email as guilty until proven innocent - no matter who it is from.

    The basic principle behind every scam email is that the reader assumes it is genuine. If you believe that its genuine they have got you. Not all spam has links in them. For example, they may want you to reply to them.

    As for comments that you should simply not click in any link is simply unworkable. Many genuine emails, such as newletters contain links to special offers and the like. All you need to do it USE YOUR COMMON SENSE. Before you click on a link think; what does the sender want from me? Does this seem genuine? Prove to yourself that the email really is from who it says it is from. Be sceptical!

    Report on 10 December 2010  |  Love thisLove  1 love
  • RocketSteve
    Love rating 30
    RocketSteve said

    I received an email from Amazon.com saying my order was confirmed but the name and address was in the US. It could be a scam to get me to reply with the fact that I had not ordered anything or that the real person had entered an incorrect email address.

    I thought the best option was to go to Amazon's real site and use my account to inform then that the order number in the email I got had the wrong email address. I'm not sure what they can do except write to the guy if real, but I've not had an response back or anymore emails...

    Report on 28 December 2010  |  Love thisLove  0 loves
  • akhtar
    Love rating 0
    akhtar said

    i received so many times this fake emails, next time if anybody get amails saying its from amazon then just forward it to stop-spoofing@amazon.com

    so amazon can do something to stop this.

    Report on 03 July 2011  |  Love thisLove  0 loves
  • Talent
    Love rating 77
    Talent said

    Why would Amazon care??

    Report on 12 August 2011  |  Love thisLove  0 loves
  • yocoxy
    Love rating 132
    yocoxy said

    "Classic article"? Wow

    I guess it's a bit like "another chance to see" has become the euphemism for "repeated tv programme"

    As for the advice from various commenters, You're right it's easy to detect the real linked address by hovering over the link but the best way is to look at the address string when you land on the page. That can never end in amazon.com unless it's amazon.

    You may see something like amazon.reregister.com where the domain reregister.com could belong to anyone but reregister.amazon.com would be amazon.

    Report on 13 August 2011  |  Love thisLove  0 loves
  • nmonline
    Love rating 1
    nmonline said

    The phishers seem to be focusing on Gumtree at the moment - I've recently had several emails attempting to gain personal details. One was for a "Gumtree giftcard", which I think will catch a few people out, as there is a genuine giftcard competition on Gumtree at the moment. I've posted both here for people to see: http://carauctiontruth.blogspot.com/

    Report on 01 September 2011  |  Love thisLove  0 loves
  • MCAS32
    Love rating 9
    MCAS32 said

    One thing which all of these scam or phishing articles seem to omit, is that genuine emails normally start off by using your name. The scam emails tend to start with 'Dear customer' or something similar. If they don't use your real name that should be your very first clue.

    Report on 06 December 2011  |  Love thisLove  1 love
  • jif81
    Love rating 0
    jif81 said

    The same thing happened to me a couple of weeks ago, through my Very account. Got an email, the address looked valid, said there'd been third party access to my account and could I just check through to confirm all ok - a couple of days later 4 digital cameras and 2 sat navs = £1200 had been ordered to a collect+ address in Southampton! Staff were fab and got it all sorted very quickly. Phew!

    Report on 06 December 2011  |  Love thisLove  0 loves
  • DominicStockford
    Love rating 11
    DominicStockford said

    Of course, wise people will not even click on links placed in this series of comments. Do you know who it is? Do you know that it will send you where it claims to? No, you cannot know either, so DON'T CLICK. Just say no!

    Report on 06 December 2011  |  Love thisLove  0 loves
  • Mike10613
    Love rating 599
    Mike10613 said

    People click short URL's on Twitter all the time. It's not that common place for the site to be dodgy. You can hover over links in email and get the real url and the same in a browser; in mine they come up at the bottom of the screen. Users who don't understand urls need to learn fast; but if you don't know where it goes generally speaking don't click. If the click downloads something and you get the keep or discard message; alarm bells should ring and you should discard. You should also run anti virus software, the one from Microsoft is free and there are others that are free and work good.

    Report on 06 December 2011  |  Love thisLove  0 loves
  • jonnie2thumbs
    Love rating 90
    jonnie2thumbs said

    I get emails all the time from amazon.fr

    :P

    Report on 06 December 2011  |  Love thisLove  0 loves
  • jedi44
    Love rating 31
    jedi44 said

    Why do posters here seem to assume that all new readers will be young? From my experience the average 8-year-old is ahead of me and I've worked in computing for 43 years. The real problem is more with the elderly (not meaning to be patronising). It is continually becoming harder to deal with day-to-day business without being told to "just go to our website, blah blah.com". Often, after listening to phone menus for purse-emptying minutes, that will be the advised option. Older people now, quite rightly, take the plunge and can benefit from the internet in the same way as the Lovemoney-bashers do. Please, just give them a break. It's not their fault they weren't brought up in a computer-based world. Hope you're reading this Mum.

    Report on 06 December 2011  |  Love thisLove  1 love
  • mitmystery
    Love rating 0
    mitmystery said

    This title is very misleading, its not Amazon creating these phishing emails. Please change.

    Report on 16 December 2011  |  Love thisLove  0 loves
  • nadia5150
    Love rating 1
    nadia5150 said

    If I receive an email from any company with a link in it, i always go directly to the company website and check my account from there. It does take a couple of minutes longer than clicking the link but ..what price security?

    Report on 16 December 2011  |  Love thisLove  0 loves

Post a comment

Sign in or register to post a reply.

Related content

Our top deals

Credit card
company 		Balance transfers rate and period Representative
APR 		Apply
now

Barclaycard 27Mth Platinum Visa

0% for 27 months (3.5% fee) Representative 18.9% APR (variable) Apply
Representative example: assumed borrowing of £1,200, representative 18.9% APR (variable). Purchase rate 18.9% PA (variable). BT fee is reduced from 3.9% to 3.5% (T&Cs apply).

Barclaycard 25Mth Platinum Visa

0% for 25 months (2.4% fee) Representative 18.9% APR (variable) Apply
Representative example: assumed borrowing of £1,200, representative 18.9% APR (variable). Purchase rate 18.9% PA (variable). BT fee is reduced from 3.5% to 2.4% (T&Cs apply)

Halifax BT 25 Month MasterCard

0% for 25 months (2.5% fee) Representative 18.9% APR (variable) Apply
Representative example: assumed borrowing of £1,200, representative 18.9% APR (variable). Purchase rate 19.0% PA (variable).
W3C  Thank you for using CGWEBLIV2