Watch out for this Amazon scam!
A phishing scam targeting Amazon customers is doing the rounds - find out how to avoid becoming a victim...
Phishing e-mails have been around for years, and as we all get wiser to them – the scammers are getting sneakier.
Phishing is where you receive an e-mail that appears to be from an online shop or financial institution asking you to confirm or reset your account details. The e-mail will usually provide a link that will take you to a site where you can input personal information. This is in fact a fake phishing site designed to pinch your details and defraud you.
E-mails purporting to be from banks and building societies are the most common form of phishing – but in the last year, a new type of scam e-mail has begun arriving in inboxes around the country...
Fraudsters are sending out masses of e-mails that at a first glance look like they are from the online retailer Amazon. They will come from an official looking address and will often have the Amazon logo on.
The e-mail will contain one of a selection of official sounding stories – all fake, of course! It may you tell that your credit card has been declined, or a recent order has been cancelled or that you need to re-register on Amazon due to an internal shake up.
There will be a link provided in the e-mail directing you to a website that looks like Amazon where you can re-register and input your card details to successfully complete your order. But this is the phishing site! If you do input any details they will be sent straight to the fraudster and you can kiss your gleaming credit record goodbye!
Obviously the fraudsters don’t know whether you shop at Amazon or not, as the e-mail is sent out to addresses at random. They’re basically betting on the fact that, because millions of people use the shopping site, a good chunk of their phishing e-mails will reach an Amazon customer.
Don’t become a victim
First off, e-mails from Amazon will never ask for personal information such as bank account and credit card details, pin numbers, passwords or VAT numbers. So if you do receive an e-mail purporting to be from Amazon that asks for any of these things – you know something isn’t right.
The same goes for payments – Amazon only uses its own marketplace tool to process transactions and card details. Check the URL of any link provided in an e-mail by hovering over the linked word with your mouse – genuine sites will always begin with http://www.amazon.co.uk, https://www.amazon.co.uk or http://s1.amazon.co.uk. If the URL contains combinations of words like security-amazon.co.uk or amazon.com.biz, then it’s probably a phishing site.
It’s also always worth checking the address the e-mail has been sent from. Genuine emails will end in either @amazon.co.uk or @amazon.com. Most scammers will use the word amazon in the e-mail address – but they will often end with name of another internet service provider, for example @hotmail.co.uk or @msn.com.
A poorly written e-mail with bad grammar and spelling mistakes is a further sign of a phishing scam, as they are often translated from another language and are not usually proofread. How the message addresses you may also be a further give away – needless to say alarm bells should ring if you receive an e-mail that begins ‘Dear Amazon customer...’!
The safest way to reliably check if an Amazon order has been cancelled is to go direct to amazon.co.uk, sign in using your password, and click onto your order history.
If you think you have received an Amazon scam e-mail, your best bet is to e-mail firstname.lastname@example.org and attach the suspicious e-mail.
Other phishing scams
Phishing e-mails pretending to be from financial institutions are very common; you can find out about one recent scam at Beware this new tax scam.
Many fraudsters are now also targeting PayPal, eBay and AOL users. These phishing e-mails will contain a similar bogus story to the Amazon e-mails – asking you to update or re-enter account details.
The AOL phishing e-mail is particularly sneaky, as the fraudster will often state that you will lose your e-mail address or internet connection if you don’t update your account in the next two days. But don’t fall for this threat – it’s just an attempt to scare you!
Just as with Amazon, AOL, PayPal, eBay and all banks will never ask for personal information over e-mail and they will certainly never use threatening language. For some further tips on how to avoid phishing fraud read Eight ways to spot a phishing scam.
The ‘unsubscribe’ scam
Amazon have also been warning customers never to click the unsubscribe link in an unknown e-mail, as many spammers use this to create a list of active accounts – which they will then bombard with more phishing e-mails.
If you do want to unsubscribe from an Amazon mailing, you should change your communication settings within your official account.
Let us know
Have you ever fallen for a phishing scam? Or have you received any particularly sneaky fraudulent e-mails that you think everyone should know about?
Share your thoughts in the comment box below.
This is a classic article from 2010, which has been updated.