With over 300 million customer accounts, Amazon is the most popular online retailer in the world. There are even an estimated 80 million Amazon Prime members in the U.S.
Such an incredible number of users makes Amazon a prime target for cybercriminals. That's why you need to watch out for the latest scam, which is focused on ripping off Amazon customers.
Watch out for this tricky Amazon scam
The latest Amazon scam is really tricky and easy to fall for. It's a combination of a phone scam and a phishing attack.
Unsuspecting victims are receiving emails that appear to be from Amazon support. The email claims that someone has attempted to reset your Amazon password and that, if it was not you, you should call an 800 number provided in the message.
The problem is, the email is fraudulent and isn't really from Amazon. It's an elaborate phishing scam trying to trick victims into calling the 800 number. If you call it, one of the scammers will answer and direct you to a malicious website where you're to enter your email address as well as a code that is also provided in the email.
Once the victim visits the malicious site, they are asked to enter not only the code but also their Amazon login credentials. Once the criminals have that, they have total access to your Amazon account. Here's what the email looks like:
Note: If you are reading this article using the Komando.com app, click here to see an example of the Amazon phishing email.
As I said earlier, this is currently an elaborate phishing scam looking to steal your credentials. The criminal behind the attack could change it to something even more devious in the future. For example, visiting the malicious site could infect your gadget with malware or ransomware. That's why you need to know how to spot a phishing attack so that you don't fall for it.
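As an added example (not part of the original article), the traits described above can be checked automatically on a raw message: an Amazon-branded sender that is not Amazon, a password-reset claim, a toll-free number to call, and a code to read back. The sample message, sender domain, phone number, code, and trusted-domain list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the real scam email; sender, number and code are placeholders.
SAMPLE = """\
From: Amazon Support <support@account-alerts.example>
Subject: Password reset attempt on your Amazon account

Someone attempted to reset your Amazon password. If this was not you,
call 1-800-555-0100 right away and give the agent this code: 482913
"""

BRAND = "amazon"
TRUSTED_DOMAINS = ("amazon.com",)  # assumption: adjust to the sender domains you actually see
TOLL_FREE = re.compile(r"\b1?[\s.-]?\(?8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
RESET_LURE = re.compile(r"reset\s+your\s+(?:\w+\s+)?password|password\s+reset", re.I)
CODE = re.compile(r"\bcode\b\D{0,20}\d{4,8}\b", re.I)


def callback_phishing_signals(raw):
    """Return the traits of the scam described above that appear in one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Plain-text parts only; HTML-only mail would need tag stripping first.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    signals = []
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    # A forged From: on a trusted domain is not caught here; that is the job of
    # the receiving server's SPF/DKIM/DMARC checks.
    if BRAND in (display + text).lower() and not trusted:
        signals.append("brand_sender_mismatch")
    if RESET_LURE.search(text):
        signals.append("password_reset_lure")
    if TOLL_FREE.search(text):
        signals.append("toll_free_callback_number")
    if CODE.search(text):
        signals.append("code_to_read_back")
    return signals


def is_likely_callback_phish(raw):
    """Flag when a callback number appears with at least two other traits."""
    signals = callback_phishing_signals(raw)
    return "toll_free_callback_number" in signals and len(signals) >= 3


if __name__ == "__main__":
    print(callback_phishing_signals(SAMPLE), is_likely_callback_phish(SAMPLE))
```

The content-based traits still fire when the From: address is forged to a trusted domain, which is why the verdict does not depend on the sender check alone.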
Be cautious with links and phone numbers
Typically with phishing scams, we'd advise you to not follow web links in unsolicited email messages. In this case, we're warning you NOT to call the phone number found in the fraudulent email. You will end up speaking with a scammer and be directed to a spoofed website in an attempt to steal your Amazon credentials.
If you ever need to contact Amazon, type its web address directly into your browser and search for contact information.
Cybercriminals always take advantage of popular websites to try and find new victims. That's why you need to be able to recognize a phishing scam.
One thing to watch for with phishing attacks is typos; criminals are typically careless with spelling and grammar. If you receive an email or notification from a reputable company, it should not contain typos.
Set up two-factor authentication
Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. This adds an extra layer of security and should be used whenever a site makes it available.
Use unique passwords
Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's easy for the cybercriminal to get into each account.
Do not disclose sensitive data
Unsuspecting people are mistakenly handing over sensitive information to scammers all too often. If you receive an unsolicited email, do not reply with personal information. You don't want it to fall into the hands of criminals. If a company that you do business with on a regular basis emails you and asks for personal information, type the company's official web address into your browser and go there directly to be safe.
Protect your critical data
This latest Amazon phishing attack is an attempt by criminals to steal your credentials. However, they could end up changing the payload in the future to something more devious, like ransomware.
That's why you should always keep a backup of your data, so you can restore your device in case of an emergency. We recommend using an online backup service such as our sponsor IDrive.
With IDrive, you can back up all your PCs, Macs and mobile devices into ONE account for one low cost. Also, it has recently added a new feature called Snapshots.
IDrive Snapshots is a historical view of user data stored in your IDrive account, which allows users to perform point-in-time recovery of their critical files. If your data gets infected with encryption-based ransomware, all you have to do is select a point in the timeline before the infection and restore from it.