Written by Shelly Lott
Amazon can be a convenient way to shop, but it can be risky.
Many types of scams target Amazon shoppers. They can come in the form of a phone call, text message, email, social media post, or a browser pop-up. These messages can look like they are coming directly from Amazon.
Warning: Avoid Scams on Amazon
Here are some of the most common scams to watch out for.
General Phishing and Smishing Scams
Email scams are regularly showing up in people’s inboxes. The messages are sometimes different, but in this case, they all appear to be coming from Amazon and contain links, attachments or phone numbers. All of these messages intend to steal your personal and financial information.
Fake Order Notifications
When you place an Amazon order, you typically receive an email confirmation. But scammers also send fake confirmations that list items that you did not order. You should carefully review every email you get to ensure that it is legitimate.
Scammers send these fake notifications hoping that the recipient feels a sense of urgency to respond, believing that they have been charged for an order they did not place. The email may contain a phone number or link prompting you to log in and verify or cancel your order.
When you click the link, it directs you to a fake Amazon website designed to steal your login credentials and payment information. Calling the phone number will connect you to a fraudulent cybercriminal who will ask for confidential information.
Fake Prize Notifications
Winning prizes can be really exciting — except when it’s a scam. Here are three different ways scammers use “prizes” to steal your information:
- Get a prize for clicking a link to redeem it: This scam can come in the form of an email, text message, social media post, or browser pop-up stating that you are eligible to win a prize by completing an Amazon survey. Clicking the link can infect your device with malware and steal your personal information.
- Get a prize for completing a survey: The questions that are asked can be used to build a profile on you, and this information can be shared with other cybercriminals and passed around on the dark web. The information they gather can lead to identity and financial theft.
- Get a prize but pay for shipping: You’re prompted to enter your payment information to cover shipping costs, but instead, your financial information is stolen.
Suspicious Amazon Account Activity
Ironically, another common scam is based on the premise of suspicious activity in your account. You receive an email, text message or phone call notifying you that your account has been locked due to unusual activity, or it may say that a suspicious purchase has been made from your account, often citing a large dollar amount.
You’ll be asked to click a link to unlock your account or verify the charge. The link directs you to a fraudulent website designed to steal your login credentials and other personal information.
Fake Invoice
The invoice can look very similar to an actual Amazon invoice, and often the order is for a very expensive item. This is meant to instill a sense of urgency so that you’ll act quickly to cancel the order. If you click the link or call the phone number, you will be asked to provide personal and credit card information to cancel the order and get a refund. Instead, your information will be stolen and used for fraudulent purposes.
Overpayment Scam
You might get a message saying that you’re entitled to a refund for an overpayment or erroneous charge. You’ll be prompted to click a link to update your payment or contact information. Or the message may list a phone number to call. Don’t click the link or call the number. If you do, you’ll be asked for personal information, or you might be asked for remote access to your computer.
Brushing Scam
Another type of scam, known as “brushing,” is when you receive a package that you never ordered. Usually, the package contains an inexpensive, lightweight item that costs very little to ship. There is typically no return address listed on the package.
Scammers use the orders to write fake reviews using the recipient’s name to improve their sales statistics (and ratings on Amazon). Since the package was delivered to you, it appears that you are a verified buyer.
While this seems somewhat innocent (and you got something for free), this should concern you because the fact that the scammers have your address often means you have been part of a data breach that has exposed your personal information to cybercriminals. The data that has been stolen could be more than just your name and address. It may include your Social Security number, bank account information, credit card information, medical information, usernames and passwords, and other confidential information.
Porch Pirate Scam
This can happen if your Amazon account has been compromised. The thief will place an order using your account and then watch for the delivery to show up at your door and steal the package.
This is especially dangerous because the thief has access to your Amazon account and payment information.
Fake Amazon Job Offer Scam
Looking for a new job? There’s a scam for that, too. Cybercriminals are posting fake ads for jobs at Amazon. When the victim applies for the job, the cybercriminal may call and ask for confidential information such as your Social Security number or banking information.
You may even receive a phone call, email, text message or social media message inviting you to apply for a high-paying job at Amazon. When you respond, a fake Amazon human resources representative will ask you to provide confidential information or ask you to pay a fee to apply.
Prime Video Sign-Up Scam
Some scammers target Amazon Prime Video customers when they are setting up their accounts. You might click on a fraudulent ad or land on a fake website that looks like the Amazon Prime Video setup page. You might be prompted to enter the code displayed on the TV during setup. Then you are asked to call a phone number to complete the setup. When you call the number, they ask for payment information, passwords, or multifactor authentication codes.
Amazon Review Scam
You might receive a message offering payment for writing an Amazon review. You are instead directed to a fraudulent website where you are prompted to enter your Amazon username, password, or payment information.
Typosquatting-URL Hijacking
Another tactic is known as “typosquatting” or “URL hijacking.” Scammers create fake websites that appear to be legitimate websites for popular businesses. These sites can look very authentic with official company logos and a familiar user interface, but the URL is slightly different from the real web address. If you look closely, you will notice a spelling error, a letter out of place, a missing letter, or some other flaw in the address.
Typically, someone lands on one of these sites by making a simple typo in a web address. What’s the harm of a typo? If you end up on one of these fake sites, you may be prompted to enter your username, password, or other sensitive information, which leads to identity and financial theft.
How To Protect Yourself From Amazon Scams
While scammers are actively trying to steal our money, there are several strategies you can use to protect yourself.
These tips can help:
- Be alert. Before you click any links, investigate and be suspicious of any message requesting information.
- Go directly to your Amazon account. Confirm any purchases or messages by visiting your Amazon order history.
- Change your Amazon password regularly and use a strong, unique password for each site you visit. Never use the same password twice.
- Inspect URLs before clicking on them. Hover over the link and look for anything unusual in the address.
- Add the websites you visit often to your “Favorites” list in your browser so that you don’t have to type the address each time.
- Be cautious opening attachments. They are often infected with malware.
- Use a credit card when placing an online order. Consider getting a credit card to use strictly for online purchases.
- Never search for support phone numbers or email addresses using a search engine. Scammers post fake numbers and email addresses that often show up at the top of the search results listing. If you contact them, it can lead to identity and financial theft. Instead, go directly to the Amazon website for support.
- Block any phone numbers that are not from a legitimate source.
- Enable multi-factor authentication for your Amazon account.
What To Do if You Have Been Scammed
If you believe you have been scammed, here are a few actions you can take:
- Change your Amazon password.
- Report the scam to Amazon by using this link.
- Report scams to the Federal Trade Commission by using this link.
- Call your local police department to report the scam and file a police report.
- Place a fraud alert on your accounts with all three credit bureaus.
- Contact the creditors and financial institutions you do business with. Let them know that your accounts may have been compromised. They can refer you to their fraud departments and can help you take the appropriate steps to secure your accounts.
- Keep a record of all steps you take to report and document the scam.
Final Thoughts
Don’t cancel your Amazon Prime membership just yet (unless it’s just not worth it for you). Scams can happen anywhere, and not all of these scams are specific to Amazon. However, millions of people shop on Amazon every year so the opportunity for scams is great. Keep a watchful eye on links and messages to make sure you’re protecting your wallet.