Don't Fall for These Amazon Scams—Here's How to Protect Yourself

You could lose an average of $1,000 by falling for an Amazon phishing scam. Here's how to protect yourself.

Many of us have received an email (or text, or call)—it looks like it's from Amazon, but something seems off. It may say you've won a raffle, or that there is suspicious activity on your Amazon account.

Truth is, it's likely the only suspicious activity there is the message itself—because it's a scam. And if you feel like you have been getting a lot more of these spammy calls and texts, you're not alone.

In a report published by the Federal Trade Commission (FTC), Amazon was the most frequently impersonated business. About one in three people who reported a business impersonator to the FTC between June 2020 and June 2021 said the person on the other line claimed to be from Amazon.

About 96,000 people said they were targeted, with 6,000 reporting they lost money—an average of $1,000 per victim. Sadly, many of the victims were people 60 years or older, who were four times more likely to report losing money to an Amazon scam—an average of $1,500 according to the FTC's report.

Cyberattacks like these can be harmful to your financial and personal security, and can even lead to identify theft.

"If you don't put yourself through rigorous checks, you're going to get hit at some point," says Nick Santora, a certified cybersecurity expert and CEO of security awareness training platform, Curricula. "The reality is that it's not 'if' but 'when' a phishing attack will happen."

Here's how you can get better at identifying and preventing such Amazon scams—and what you can do if you do become the victim of one.

Identify Amazon scam calls and messages

The first step is to know how to identify these scam messages, also known as phishing attacks.

"Email (phishing) or text (SMS phishing, 'smishing') scams are an easy way for hackers to steal money by pretending to be someone you trust," Santora explains.

An example of a phishing attempt could be an email (like the one below), asking you to immediately change your password. There are several ways to tell that this email is fake. First, the sender's email address ends in ".info"—real Amazon emails will always end in "@amazon.com" or any of these listed emails (some vary by country or region).

Next, Amazon will never ask for your login credentials or other personal information like in the email below. Messages that have a sense of urgency and are asking you to take action immediately are red flags, too. "Email should be used as a notification system, not a shortcut," says Santora. Also, keep an eye out for any spelling or grammatical errors in the message.

Some Amazon phishing attempts may also ask you to pay by gift card or send pictures of gift cards. According to the FTC, if someone asks you to give them the numbers on the back of a gift card, it's a scam.

Amazon Scam Calls

Avoid clicking on links in fake Amazon messages

When you're reading one of these messages, don't click on any links or attachments, or download anything. "If there is a link, don't click," warns Santora. Instead, hover over the link to examine the URL and verify the source.

Any texts you get from Amazon saying you have won a prize are also scams, and you should avoid clicking on the link. "This could be a gateway for scammers to gain access to your financial information," says Christopher Liew, CFA and founder of personal finance platform, WealthAwesome.

Liew also says to watch out for Amazon scammers who contact you about your account being suspended—they will usually request you to install a remote access tool that will immediately restore your Amazon account.

What it really does is allow them easy access to your phone or computer. "This will allow them to look for sensitive information such as log-in credentials for your Amazon account, social media accounts, as well as online banking accounts," explains Liew.

You can defend yourself against phishing attempts by not following any of the instructions in these messages, and by never giving out personal information online or over the phone. If you have any doubts about your account or about an order, call Amazon directly to verify the information, instead of engaging with a scam call or text.

Amazon has a form where you can report phishing attempts and scams.

What to do if you've been scammed

Unfortunately, cyberattacks are on the rise. "These scams are increasing due to the growing amount of public information that's available," says Santora.

If you become a victim of an Amazon phishing attack and have money stolen, report it to your bank or credit card company to see if you can dispute the charges.

You should also report the scam to the FTC, which has a Report Fraud page. Once you file a report here, the FTC might file an enforcement action and try to get your money back.

Change the passwords to your Amazon account and other important financial and personal log-ins. Overall, the best thing you can do is to stay alert for phishing attempts and know how to verify messages to keep your money and personal information safe.

Was this page helpful?
Related Articles