Amazon can be a convenient way to shop, but it can be an increasingly risky proposition.
According to a report from the Federal Trade Commission (FTC), Amazon scams are on the rise. The agency says, “From July 2020 through June 2021, about one in three people who reported a business impersonator to the FTC said the scammer claimed to be calling from Amazon.”
Reported losses exceeded $27 million with the median loss per person being about $1,000. The FTC report says this scam “may be disproportionately harming older adults.”
There are many types of scams that target Amazon shoppers. They can come in the form of a phone call, text message, email, social media post or a browser pop-up. These messages can look like they are coming directly from Amazon.
Here are some of the most common scams to watch out for.
Email scams are regularly showing up in people’s inboxes. The messages are sometimes different, but in this case, they all appear to be coming from Amazon and contain links, attachments or phone numbers. All of these messages intend to steal your personal and financial information.
When you place an Amazon order, you typically receive an email confirmation. But scammers also send fake confirmations which list items that you did not order. You should carefully review every email you get to ensure that it is legitimate.
Scammers send these fake notifications hoping that the recipient feels a sense of urgency to respond, believing that they have been charged for an order they did not place. The email may contain a phone number or link prompting you to log in and verify or cancel your order.
When you click the link, it directs you to a fake Amazon website designed to steal your login credentials and payment information. Calling the phone number will connect you to a fraudulent cybercriminal who will ask for confidential information.
Winning prizes can be really exciting — except when it’s a scam. Here are three different ways scammers use “prizes” to steal your information:
Ironically, another common scam is based on the premise of suspicious activity in your account. You receive an email, text message or phone call notifying you that your account has been locked due to unusual activity, or it may say that a suspicious purchase has been made from your account, often citing a large dollar amount.
You’ll be asked to click a link to unlock your account or verify the charge. The link directs you to a fraudulent website designed to steal your login credentials and other personal information.
The invoice can look very similar to an actual Amazon invoice, and often the order is for a very expensive item. This is meant to instill a sense of urgency so that you’ll act quickly to cancel the order. If you click the link or call the phone number, you will be asked to provide personal and credit card information to cancel the order and get a refund. Instead, your information will be stolen and used for fraudulent purposes.
You might get a message saying that you’re entitled to a refund for an overpayment or erroneous charge. You’ll be prompted to click a link to update your payment or contact information. Or the message may list a phone number to call. Don’t click the link or call the number. If you do, you’ll be asked for personal information, or you might be asked for remote access to your computer.
Another type of scam, known as “brushing,” is when you receive a package that you never ordered. Usually, the package contains an inexpensive, lightweight item that costs very little to ship. There is typically no return address listed on the package.
Scammers use the orders to write fake reviews using the recipient’s name to improve their sales statistics (and ratings on Amazon. Since the package was delivered to you, it appears that you are a verified buyer.
While this seems somewhat innocent (and you got something for free), this should concern you because the fact that the scammers have your address often means you have been part of a data breach that has exposed your personal information to cybercriminals. The data that has been stolen could be more than just your name and address. It may include your Social Security number, bank account information, credit card information, medical information, usernames and passwords and other confidential information.
This can happen if your Amazon account has been compromised. The thief will place an order using your account and then watch for the delivery to show up at your door and steal the package.
This is especially dangerous because the thief has access to your Amazon account and payment information.
Looking for a new job? There’s a scam for that, too. Cybercriminals are posting fake ads for jobs at Amazon. When the victim applies for the job, the cybercriminal may call and ask for confidential information such as your Social Security number or banking information.
You may even receive a phone call, email, text message or social media message inviting you to apply for a high-paying job at Amazon. When you respond, a fake Amazon human resources representative will ask you to provide confidential information or ask you to pay a fee to apply.
Some scammers target Amazon Prime Video customers when they are setting up their accounts. You might click on a fraudulent ad or land on a fake website that looks like the Amazon Prime Video setup page. You might be prompted to enter the code displayed on the TV during setup. Then you are asked to call a phone number to complete the setup. When you call the number, they ask for payment information, passwords, or multifactor authentication codes.
You might receive a message offering payment for writing an Amazon review. You are instead directed to a fraudulent website where you are prompted to enter your Amazon username, password, or payment information.
Another tactic is known as “typosquatting” or “URL hijacking.” Scammers create fake websites that appear to be legitimate websites for popular businesses. These sites can look very authentic with official company logos and a familiar user interface, but the URL is slightly different from the real web address. If you look closely, you will notice a spelling error, a letter out of place, a missing letter or some other flaw in the address.
Typically, someone lands on one of these sites by making a simple typo in a web address. What’s the harm of a typo? If you end up on one of these fake sites, you may be prompted to enter your username, password or other sensitive information, which leads to identity and financial theft.
While scammers are actively trying to rob our wallets, there are several strategies you can use to prevent it from happening to you. The best way to protect yourself is to be aware and suspicious of links and phone numbers. I’m not trying to scare you from opening emails or making phone calls, but you should exercise caution to avoid scams. These tips can help:
If you believe you have been scammed, here are a few actions you can take:
Don’t cancel your Amazon Prime membership just yet (unless it’s just not worth it for you). Scams can happen anywhere, and not all of these scams are specific to Amazon. However, millions of people shop on Amazon every year so the opportunity for scams is present. Keep a watchful eye on links and messages to make sure you’re protecting your wallet.