Amazon is a gigantic player in online sales. It’s estimated that the Seattle-based online e-commerce site will be responsible for roughly 50% of all digital sales during the 2018 holiday season, one of the busiest shopping times of the year in the United States. In other words, one out of every two people shopping during the holiday season will buy something from Amazon.
But Amazon’s very ubiquity has made it a tempting target for cybercriminals and thieves. It’s also widely trusted by consumers, who benefit from the online retailer’s wide choice and speedy deliveries. As a result of the many sales made through Amazon and the trust it has engendered among its customers, scam artists are targeting Amazon shoppers.
A Scam That Sends Fake E-Mail
The most recent scam sends an e-mail to an Amazon shopper telling them that their password needs a reset. One of the most notable elements of the scam is that the e-mail looks very official, using Amazon’s logo. It tells the targeted Amazon shopper to enter their Amazon user ID and new password directly from the e-mail.
But it isn’t Amazon that receives the new password. It’s the cyberthieves who set up and sent the e-mail. Once the target enters the information in response to the scam e-mail, the cyberthieves have the information to their Amazon account.
The thieves often set up Amazon gift cards for themselves, so that they have cash to be spent on Amazon. The gift cards are sent to their e-mail accounts, so they can use it before any theft is noticed. If the target customer has a credit card or debit card associated with their Amazon account, as most people do, the scam artists may shop until the cards are maxed out.
There are several variants to the scam. Sometimes, the cyberthieves set up the e-mail to say that new shipping information is needed or that there is a problem with an existing order.
But in all cases, a crucial element is the same. The e-mail looks official, and asks that the customer’s ID and password be entered directly from the e-mail. Entering it from the e-mail is what allows the cybercriminals to capture the user’s information and use it for themselves.
What Amazon Customers Should Do
Amazon customers need to be aware of the scam. They should never enter any of their account information in response to an e-mail about a problem with an Amazon order. For that matter, they should never enter any account information, of any type, in response to any e-mail, including debit card or credit card information.
If you get an e-mail like this, log out of your e-mail and log in to your Amazon account directly from the company’s web page, www.amazon.com. That page always has up-to-date information on your account and your orders. Customers will be able to see if there is any concern with their orders or shipping address.
If customers do need to change their log-in information, they should always do it directly on the Amazon site, not in response to an e-mail.
Finally, the Amazon site has a “take action” section on their website giving direct information on how to handle suspicious e-mails and scams by cyberthieves purporting to be Amazon. To access the section, click here.
The latest scam is easy to protect against. Customers should never respond to e-mails that look as if they’re from Amazon but always go directly to the Amazon website.
403Tech is one of the Top 50 Managed IT services companies in Canada.