Holiday shopping scams should be no surprise at this point. Thieves know tons of people are looking for great deals on the hottest items of the season and do their best to rip them off. Tap or click here for details on holiday shopping scams that are already making the rounds.
Of course, when we’re talking about online shopping, Amazon is one of the first sites that comes to mind. This is why scammers are now focusing on the retail giants’ customers.
And the latest schemes going around are even trickier than most. Even the savviest shoppers could fall for them. Keep reading to find out what to look for and how to protect your bank account.
Here’s the backstory
Scammers are now tapping into Amazon’s delivery process to harvest personal details and banking data.
Security company Avanan recently discovered a new form of attack on Amazon customers. In the latest scam, criminals spoof Amazon’s order notification page to look like the real thing.
To lure victims there, scammers send a phishing email claiming that an order has successfully been placed. If you don’t recall placing the order, the thieves hope that you will click on the link to question it.
But that is where the scam kicks into gear. The link in the mail will take you to a spoofed page. It seems remarkably similar to the actual Amazon page, so it can be easy to be fooled. If the victim wants to cancel the bogus order, the page instructs them to call a number.
Naturally, the scammer is waiting on the other end of the call. Sounding helpful in getting the order canceled, the scammer will ask for the victim’s credit card number or personal details to “verify the identity of the account.”
The criminals claim that they’ll need a credit card number and CVV number to cancel the order. That would be a huge mistake, as once you hand over your details, the scammers will have everything they need to rip you off.
Here’s an example of the phishing email from Avanan:
How to stay safe from phishing attacks
Phishing emails are more sophisticated than ever. That’s why you need to follow safety precautions with every message you receive. Here are some steps to take:
- Is that email real? – With any email you receive, verify that the sender’s address is real. Spoofed emails may look like they’re coming from Amazon or another company, but the address isn’t quite the same.
- Look at your account – Instead of clicking a link or calling a number found inside an unsolicited message, go to your Amazon account directly and look at your Orders page to see if there is suspicious activity. If so, contact Amazon through official ways. Tap or click here to safely contact Amazon.
- Enable 2FA – When available, enable two-factor authentication as an extra step to lock down your account. Tap or click here to see how to set up 2FA for your frequently used online accounts.
- Don’t click that link – Never click on links or open attachements found in unsolicited emails. They could be malicious and lead to tons of problems.