Published: November 10, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
Amazon, the behemoth online marketplace with something for everyone, also has a long history of being used for email phishing scams. With an estimated 80% of their 310+ million customers in the U.S., Americans lost more than $27 million to Amazon phishing scams last year. One of the most effective phishing lures instills a sense of urgency in the email target. Knowing how to spot these “urgent” phishing lures is a great way to avoid falling for them.
How Urgency Emails Work
Scammers know urgency tricks victims into acting quickly. They know that’s when phishing red flags get missed and mistakes get made to their benefit. Amazon (the real one!) states they never ask for sensitive information in emails. Below are a few examples of Amazon “urgency” scam messages.
1. Updated Payment Info Needed To Ship Your Order. The email’s urgency hopes to steal payment information. The email can include a form to fill out and send back, or include a link to a spoof site. Either way, the scammer is on the receiving end of your PII.
2. Your Account Has Been Suspended Or Locked. This email alerts you to billing problems with your account and that your payment method needs verification. It has a link to a bogus Amazon site set up to send your payment info and other PII to the scammer.
3. An Item You Purchased Is On Its Way! The email message says your purchase, one you know you didn’t make (often a pricey electronic device), has just shipped. There’s a customer support phone number where you’re told your account was hacked and your password needs to be changed. You’re sent a text link to reset it, but it goes to a spoof site that steals your password. That’s when the scammerlocks you out of your own account.
Safety Tips for Amazon “Urgent” Scams
Never follow email links, open attachments or trust phone numbers. The links go to “spoof” website pages set up just to steal your PII and payment info. The attachments may be loaded with malware that infects devices. The phone number goes directly to the scammer or a call center set up by them.
Spot the spoof URL. The scammer’s email address is fake, as is the spoof website they direct you to. Hover over the URLs to find the real source that should always end in “Amazon.com” for legitimate U.S.-based Amazon web pages.
Check your Amazon account. Type in the true Amazon website URL and log in. Go to “Messages” to find out if the email is for real. If there’s no record of the email, it’s a sure fake.
Generic greetings, bad spelling or grammar, and bad graphics. Generic greetings like “Dear Customer” with bad spelling and grammar are true scam signs. Blurry logos and other poor graphics are clues, too. Sometimes even intentionally to hide something they don’t want you to see that would give them away.
Contact customer support to report the phishing email so they’re aware of it. Look up the legitimate contact info and never use anything supplied in the email.
Scammers love to exploit a good thing and urgency phishing isn’t unique to Amazon customers alone. Financial institutions, IRS, Social Security, charities, “tech support,” and even healthcare can be scammer identities. It’s important to remember – nothing is off limits for these cyber-scams, so don’t trust and always verify “urgent” emails.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments