You could lose an average of $1,000 by falling for an Amazon scam. Here's how to spot an Amazon phishing attack and protect yourself.
Each product we feature has been independently selected and reviewed by our editorial team. If you make a purchase using the links included, we may earn commission.
Advertisement

Many of us have gotten the email (or text, or call)—it looks like it's from Amazon, but something seems off. You might have gotten a text saying you won a raffle, or that there is some suspicious activity on your Amazon account.

Truth is, it's likely the only suspicious activity there is the message itself—because it's a scam. And if you feel like you have been getting a lot more of these spammy calls and texts, you're not alone.

In a recently released report, The Federal Trade Commission says that last year, Amazon was the most frequently impersonated business. About one in three people who reported a business impersonator to the FTC between June 2020 and June 2021 said the person on the other line claimed to be from Amazon.

About 96,000 people said they were targeted, with 6,000 reporting they lost money—an average of $1,000 per victim. Sadly, many of the victims were people 60 years or older, who were four times more likely to report losing money to an Amazon scam—an average of $1,500 according to the FTC's report.

Cyberattacks like these can be harmful to your financial and personal security, and could even lead to identify theft.

"If you don't put yourself through those rigorous checks, you're going to get hit at some point," says Nick Santora, a certified cybersecurity expert and CEO of security awareness training platform, Curricula. "The reality is that it's not 'if' but 'when' a phishing attack will happen."

Here's how you can get better at identifying and preventing such Amazon scams—and what you can do if you do become the victim of one.

Know how to identify Amazon scam calls and messages.

The first step is to know how to identify these scam messages, also known as phishing attacks.

"Email (phishing) or text (SMS phishing, 'smishing') scams are an easy way for hackers to steal money by pretending to be someone you trust," Santora explains.

An example of a phishing attempt could be an email (like the one below), asking you to immediately change your password. There are several ways to tell that this email is fake. First, the sender's email address ends in ".info"—real Amazon emails will always end in "@amazon.com" or any of the emails listed here (some vary by country or region).

Next, Amazon will never ask for your login credentials or other personal information like in the email below. Messages that have a sense of urgency and are asking you to immediately take action are red flags, too. "Email should be used as a notification system, not a shortcut," says Santora. Also, keep an eye out for any spelling or grammatical errors in the message.

Some Amazon phishing attempts may also ask you to pay by gift card or send pictures of gift cards. According to the FTC, if someone asks you to give them the numbers on the back of a gift card, it's a scam.

Amazon Scam Calls

Avoid clicking on links in fake Amazon messages.

Make sure you don't click on any links or attachments in these messages, or download anything. "If there is a link, don't click," warns Santora. Instead, hover over the link to examine the URL and verify the source.

Any texts you get from Amazon saying you have won a prize are also scams, and you should avoid clicking on the link. "This could be a gateway for scammers to gain access to your financial information," says Christopher Liew, CFA and founder of personal finance platform, WealthAwesome.

Liew also says to watch out for any Amazon scammers who contact you about your account being suspended—they will usually request you to install a remote access tool that will immediately restore your Amazon account.

What it really does is allow them easy access to your phone or computer. "This will allow them to look for sensitive information such as log-in credentials for your Amazon account, social media accounts, as well as online banking accounts," explains Liew.

You can defend yourself against phishing attempts by not following any of the instructions in these messages, and by never giving out any personal information online or over the phone. If you have any doubts about your account or about an order, call Amazon directly to verify the information, instead of engaging with the scam call or text.

Amazon has a form where you can report phishing attempts and scams.

Here's what to do if you've been scammed.

Unfortunately, cyberattacks are on the rise. "These scams are increasing due to the growing amount of public information that's available," says Santora.

If you do become a victim of an Amazon phishing attack and have money stolen, report it to your bank or credit card company to see if you can dispute the charges.

You should also report the scam to the FTC, which has a Report Fraud page on its site. Once you file a report here, the FTC might file an enforcement action and try to get your money back.

Be sure to change the passwords to your Amazon account and other important financial and personal log-ins. Overall, the best thing you can do is to stay alert for phishing attempts and know how to verify messages to keep your money and personal information safe.