Amazon scam

According to the Federal Trade Commission (FTC), Amazon scams are on the rise. The FTC estimates that Amazon scams are up by 500% since last year. Amazon is the world’s largest online retailer, and surveys show that users trust Amazon. There are over 310 million users and 200 million Amazon Prime subscribers.

So, it makes sense that hackers and criminals are always looking for ways to take advantage of Amazon customers.

There are many types of scams that target Amazon shoppers. They can come in the form of a phone call, text message or email message, or appear on social media or as a browser popup. All of them look like they are coming from Amazon and can be very convincing.

Here are some of the most common scams to watch out for. This is certainly not a complete list as there are numerous scams related to Amazon.

General Phishing and Smishing Scams

The messages can be different, but they all appear to be coming from Amazon and contain links, attachments or phone numbers. Their goal is to steal financial information.

Be suspicious of any message requesting information. Don’t respond to the message; instead, go directly to your Amazon account and view your order screen. Any legitimate orders or notifications from Amazon will be listed there.

Fake Order Notifications

When you place an Amazon order, you will receive an email confirmation. But scammers also send fake confirmations which list items that you did not order.

You should carefully review every email you get to ensure that it is legitimate.

Scammers send these fake notifications hoping that the recipient feels a sense of urgency to respond, believing that they have been charged for an order they did not place. The email may contain a phone number or link prompting you to log in and verify or cancel your order. In reality, clicking the link directs you to a fake Amazon website designed to steal your login credentials and payment information. Calling the phone number will connect you to a cybercriminal.

Fake Prize Notifications

This can come in the form of an email, text message, social media post or browser popup stating that you are eligible to win a prize by completing an Amazon survey.

If the user takes the survey and answers the questions, their device may be infected with malware or they may fall victim to identity or financial theft. The questions that are asked can be used to build a profile on the person, and this information can be shared with other cybercriminals and passed around on the dark web.

You might also receive a notice that you have won a prize and you are prompted to click a link or call a phone number to claim the prize. Clicking the link can infect your device with malware and steal your personal information. Calling the number will connect you to a scammer.

Another version of the scam may state that you have won a prize and just need to pay a shipping fee. You are prompted to enter your payment information so that they can send you the prize. Instead, your financial information is stolen.

Suspicious Amazon Account Activity

You receive an email, text message or phone call notifying you that there has been suspicious activity related to your account. It may warn that your account has been locked due to unusual activity. Or it may say that you have made a purchase, often citing a large dollar amount. You will be asked to click a link to unlock your account or verify the charge. The link directs you to a fraudulent website designed to steal your login credentials and other personal information.

Fake Invoice

You receive an email containing a fake Amazon invoice. The invoice can look very similar to an actual Amazon invoice. Often the order that is shown is for a very expensive item. This is meant to instill a sense of urgency so that the person acts quickly to cancel the order. If you click the link or call the phone number provided, you will be asked to provide personal and credit card information to cancel the order and issue a refund. Instead, your information will be stolen and used for fraudulent purposes.

Overpayment Scam

You might get a message stating that you are entitled to a refund for an overpayment or wrongful charge. You will be prompted to click a link to update your payment or contact information. Or it may list a phone number to call. Don’t click the link or call the number. If you do, you will be asked for personal information, or the scammers may ask for remote access to your computer.

Brushing Scam

Another type of scam is known as “brushing.” You receive a package that you never ordered. Usually, the package contains an inexpensive lightweight item that costs very little to ship. There is typically no return address listed on the package.

The scammers use the orders to write fake reviews using the recipient’s name to improve their sales and ratings on Amazon. Since the package was delivered to you it appears that you are a verified buyer.

While this seems somewhat innocent, and you received something for free, this should concern you because the scammers have obtained your name and address, often because you have been part of a data breach that has exposed your personal information to cybercriminals. The data that has been stolen could be more than just your name and address. It may include your Social Security number, bank account information, credit card information, medical information and usernames and passwords.

Porch Pirate Scam

This can happen if your Amazon account has been compromised. The thief will place an order using your account, watch for the delivery to show up at your door and then steal the package.

This is especially dangerous because they have access to your Amazon account and payment information.

Fake Amazon Job Offer Scam

Cybercriminals post fake ads for jobs at Amazon. When the victim applies for the job, the cybercriminal may call them and ask for confidential information. Or you might receive a phone call, email, text message or social media message inviting you to apply for a high paying job at Amazon. When you respond, a fake Amazon human resources representative will ask you to provide confidential information or to pay a fee to apply.

Prime Video Sign Up Scam

Scammers target Prime Video customers when they are setting up their account. A customer might click on a fraudulent ad or land on a fake website which looks like the Amazon Prime Video setup page. You might be prompted to enter the code displayed on the TV during setup, and then you are asked to call a phone number to complete the setup. When you call the number, they ask for payment information, passwords, or multifactor authentication codes.

Amazon Review Scam

You might receive a message offering payment for writing an Amazon review. You are instead directed to a fraudulent website where you are prompted to enter your username, password, or payment information. 

Typosquatting-URL Hijacking

Another tactic is known as typosquatting or URL hijacking. Scammers create fake websites that appear to be legitimate websites for popular businesses. These sites can look very authentic with official company logos and a familiar user interface, but the URL is slightly different than the real web address. If you look closely, you will notice a spelling error, a letter out of place, a missing letter or some other flaw in the address. The domain ending may also be different, for example the .com may be replaced with something else. Typically, someone lands on one of these sites by a simple typo in a web address. You will be prompted to enter your username, password or other sensitive information which leads to identity and financial theft.
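
The address differences described above can also be checked by a program. The following Python example is added here and is not part of the original article: it compares a link's host name with amazon.com and reports a missing, extra, swapped or wrong letter or a different domain ending, and it also flags the brand name placed in front of another site's domain, which goes slightly beyond the cases listed above. The function names, the choice to treat only amazon.com as genuine and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

BRAND = "amazon"                 # name the user expects to see
EXPECTED = "amazon.com"          # assumption: the only address treated as genuine here

def osa_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, or swap neighbours."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def check_url(url):
    """Classify a link by how its host name relates to EXPECTED."""
    if "//" not in url:
        url = "//" + url         # let urlsplit find the host in scheme-less links
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == EXPECTED or host.endswith("." + EXPECTED):
        return "expected domain"
    labels = host.split(".")
    # Naive: treat the second-to-last label as the registered name.
    name = labels[-2] if len(labels) > 1 else labels[0]
    if name == BRAND:
        return "different domain ending"
    if osa_distance(name, BRAND) == 1:
        if len(name) < len(BRAND):
            return "missing letter"
        if len(name) > len(BRAND):
            return "extra letter"
        return "swapped letters" if sorted(name) == sorted(BRAND) else "wrong letter"
    if BRAND in labels[:-2]:
        return "brand used as a subdomain of another site"
    return "no match"

# Constructed sample links (not taken from real campaigns).
SAMPLES = ["https://www.amazon.com/orders", "http://amazn.com/login",
           "http://amaozn.com", "http://amazom.com", "amazon.co/verify",
           "http://amazon.com.account-check.example/"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_url(s):45} {s}")
```

Only a one-character difference is flagged, so a result of "no match" does not mean a link is safe.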

How to Protect Yourself

Use antivirus software to protect against malware.

Hover over links and thoroughly inspect URLs before clicking on them. Look for anything unusual in the address.

Add the sites you visit often to your favorites list in your browser so that you don’t have to type the address each time.

Amazon will not ask for payment or account information in a text message. If in doubt, log in to your Amazon account using the URL you know to be legitimate. Don’t click on any link sent to you, as it can direct you to a malicious website or infect your device with malware.

Anytime you receive a phone call, text message or email message that looks like it is coming from Amazon, be suspicious. Don’t respond; instead, log in to your account. Any legitimate messages from Amazon can be found there.

Never respond to a message asking you to update your payment information. Again, go directly to your Amazon account to make any changes.

Be cautious opening attachments. They are often infected with malware.

If a message prompts you to “click here” to verify your order or payment information, it is most likely a scam.

Never allow anyone remote access to your computer, phone or other devices. Scammers often try to get you to install remote access software so that they can log in and take control.

Always use a credit card when placing an online order. Consider getting a credit card to use strictly for online purchases.

Never search for support phone numbers or email addresses using a search engine. Scammers post fake numbers and email addresses that often show up at the top of the search results listing. If you contact them, it can lead to identity and financial theft. Instead go directly to the Amazon website for support.

Block any phone numbers that are not from a legitimate source.

Enable multi-factor authentication for your Amazon account.

Change your Amazon password regularly and use a strong, unique password for each site you visit. Never use the same password twice.

Use a password manager to store your login information. KeePass is a free password manager.

Don’t trust the caller ID. Scammers spoof phone numbers so that they appear to be from a legitimate company.

What To Do If You Have Been Scammed

Report the scam to Amazon.

Report scams to the Federal Trade Commission.

Report scams to your State Consumer Protection Office.

Call your local police department to report the scam and file a police report.

If you have not already done so, place a security freeze on your credit reports. This can be done online or by calling the three major credit bureaus: TransUnion, Equifax and Experian.

Request an annual copy of your credit report from the three major credit bureaus, and space the copies out between the three over the next year. It may take time for fraudulent activity to show up on your reports. By spacing the reports out, you can catch errors early as well as errors that may take some time to show up. If errors are found, report them to the agencies. You are entitled to a free annual copy of your credit report with all three credit bureaus.

Place a fraud alert on your accounts with all three credit bureaus.

Contact the creditors and financial institutions you do business with. Let them know that your accounts may have been compromised. They can refer you to their fraud department, which can help you take the appropriate steps to secure your accounts.

Change your Amazon password.

Keep a record of all steps you take to report and document the scam.