Have you ordered anything from Amazon in the past couple of weeks? Are you planning to soon? If either is true, you might easily be victimized by a real-looking email, supposedly from Amazon, explaining that there's a problem with your order and asking you to re-enter some personal information. Whatever you do, don't comply. It's likely a scam.
Both Amazon Prime members and non-members are reporting this scam.
Here's how it works. You receive a very legit-looking email with the subject line, "Your Amazon.com order cannot be shipped."
The email goes on to say something like "Hello, there was a problem processing your order. You will not be able to access your account or place orders with us until we confirm your personal information. Click here to confirm your account. It goes on to request that you not open any new accounts until the issue is resolved and read Amazon's terms and conditions if they have further questions. Whatever you do, don't comply. It's probably a scam.
If you click on the link in the email, it takes you to a very real looking "Amazon" page where you are invited to re-enter your name, address, and credit card information. Which, of course, the scammers will now have. Just to keep you unsuspicious, when you're done it will send you on to the real Amazon website.
Here are other tips to help you stay safe when you use Amazon or get an e-mail from them:
1. Check for the S. Amazon and other sites dealing with financial information should start out "https" not "http". Floating your cursor over the link should show you which it is, or if your browser hides those prefixes, you can copy and paste. But avoid going to insecure pages.
2. Look closely at the URL. The domain name should begin "amazon.com" or possibly something like "amazon.co.uk" if you're shopping on Amazon outside the U.S. Most retailers start with their domain name and then add on a department. For instance, the URL for Amazon's page for customer assistance begins: "https://www.amazon.com/gp/help/customer/". Watch out for anything like "amazoncustomerservice.com."
3. Examine the email address. Likewise, the sender's email address should end "@amazon.com" (or something comparable for other retailers). It obviously shouldn't be anything like "[email protected]," but fake domains can be used to create fake addresses, so even if the domain looks like it might be legit, be cautious if it isn't the same domain you would use to visit the retail site.
Incidentally, Amazon asks that you attach (or if not, forward) scam emails so their security team can shut them down.
Here are some general tips to keep you safe online.
Scammers attempting to have you divulge private information such as your amazon password or credit card numbers is called "phishing". There are thousands of scams out there trying to phish information from all of us.
1. Get there by your own means. Clicking from emails to websites most of the time won't get you in trouble. But if you receive an email announcing a problem with your account and/or asking you for further information, it's much smarter not to click the link. Go to the site using your bookmarks, history or search for information.
2. Use two-step authentication whenever it's offered. The smartest websites and services help preserve your security by offering two-factor authentication for signing in when you set up an account. You should take them up on the offer. This makes it harder for scammers to access your account passwords.
In general, a site will ask for your mobile phone number and then text you a number to enter whenever you try to sign in. Many sites also allow you to use Google Authenticator and/or a one-time code, which can be very handy if you lose your phone, or it dies, or you're somewhere out of cell range.
You can also set your home computer to be recognized so it won't put you through that process every time you sign in, but it will prevent hackers elsewhere from signing into your email, retail, bank, or other online accounts and causing havoc.
