Amazon scams use every trick in the book to convince you they’re genuine. Here are some common attempts doing the rounds.
Amazon scams are big business, with fraudsters frequently impersonating the e-commerce giant due to its huge customer base, brand familiarity and global presence.
With millions of customers and subscribers to its Prime delivery and video service, fraudsters regularly target Amazon customers (and the wider public) with cold calls and a variety of different phishing emails. These attempt to capture sensitive personal information, including your bank and card details
For this reason, it’s important to be on your toes. Here’s how to spot a scam.
This is a round-up of some of the most common Amazon scam attempts spotted recently. We explain how you can spot the phoney cold calls, recognise the fake emails and keep your Amazon account secure.
Amazon Prime cold call scams
An extremely common nuisance call posing as Amazon has been plaguing UK consumers for years. Its goal is to connect you to a fictional ‘account manager’ and often involves the installation of remote access software on your device, which gives the scammer control.
How can you tell if a call from Amazon is genuine? Amazon will never ask you to disclose or verify sensitive personal information. It states that it will not offer a refund you don’t expect and is imploring customers to report suspicious activity involving its brand.
An Amazon spokesperson said: “Scammers that attempt to impersonate Amazon put our customers and our brand at risk. Although these scams take place outside our store, we will continue to invest in protecting customers and educating the public on scam avoidance.
“We encourage customers to report suspected scams to us so that we can protect their accounts and refer bad actors to law enforcement to help keep consumers safe. Please visit our help pages to find additional information on how to identify scams and report them.”
Fake Amazon ‘locked account’ email
Fake emails using convincing Amazon branding have been reported over the last two years. The emails tell the recipient that their Amazon account has been ‘locked’ and that they must take urgent action to verify it.
The emails provide a convincing-looking button designed to take you through to a website that has nothing to do with Amazon.
Fake websites like this pose as the brand they claim to be from. They encourage you to enter your login information and/or card details into a fake login screen or form. Once you’ve done this, the scammers will be in possession of the information you entered.
You can often spot phishing emails by taking a moment to assess the communication. An email may appear genuine at first glance, but has it arrived from a genuine Amazon email address? Does the text of the email contain spelling and grammatical errors? Is it linking to a website that isn’t Amazon’s usual domain name?
Fake Amazon ‘order’ email
Operating in exactly the same way as the fake ‘locked account’ email, scammers will also send fake emails confirming an ‘order’.
The scammers are relying on you becoming panicked by being charged for an order that you didn’t place. The hope is that you’ll click through to their fake site directly via the email.
But once again, you should take the time to assess the email before making any rash decisions. Visit the official Amazon site via a separate browser window and log in to your account in the usual way.
Are there any orders on your account that match what the email is telling you? If not, the email is almost certainly fake. However, if you’re unsure, contact Amazon via the official site (not the suspicious email) and ask it to clarify.
An Amazon spokesperson said:
“We’ve introduced email verification technology for emails sent by Amazon to protect customers from phishing scams. For customers with email clients supporting the technology, including many of the large providers – Gmail, Yahoo!, and AOL – emails from Amazon will now include our ‘Smile’ logo in thumbnails, indicating that they’ve passed security checks. If customers see the ‘Smile’ logo next to emails coming from an @amazon.co.uk sender, that will indicate that the email is genuinely from Amazon.”
Amazon gift card scam
Another common phishing email tactic is to notify a potential victim that they’ve won a ‘gift card’ or some sort of reward. Action Fraud says it has received nearly hundreds of reports of the fake gift card emails, with the links included in them leading to phishing websites designed to steal personal and financial information.
Amazon will not suddenly offer you a gift card out of the blue. Inspecting these emails closely will likely reveal additional hallmarks of a fake email in the same style as the ‘locked account’ and ‘delivery’ attempts.
Amazon has more information about how to spot common gift card scams.
Fake Amazon texts
While not as common as other Amazon scam attempts, occasionally fraudsters will attempt to lure you to fake websites via SMS text message.
Like the phishing emails, these sites link to a website that has nothing to do with Amazon, which will likely ask you to enter sensitive information, such as your Amazon password.
Amazon says it will never ask for your password or personal information by text message. If you’ve received a text message like this, don’t follow the link. Instead, check if there’s an issue with your account with Amazon via its official channels.
Fake Amazon unclaimed packages
Fake ads have been spotted on Facebook offering to sell unclaimed Amazon packages at huge discounts.
It may say: “It’s the best time of the year to buy Amazon unclaimed packages”, and refer to “amazing value”. It may also say: “If they go unclaimed for 3 months, we sell them at 80% off!”
Amazon does have lots of unwanted and returned items, so some people could fall for it and click on it.
However, we asked Amazon about the adverts. It said they looked like a scam and confirmed that they were not associated with Amazon.
If you see one of these posts on your Facebook newsfeed, don’t click any links or attempt to make a purchase. If you do, you may pay for merchandise that never arrives, give your credit/debit card info to a scammer who will use it to drain your account and/or possibly download malware onto your computer or mobile device.
If you’re wondering where all the unwanted and returned items go, Amazon works with liquidators in Europe and the US to sell the stock.
Amazon ‘brushing’ fraud
‘Brushing’ is a process in which sellers on Amazon’s marketplace send people packages that they didn’t order. The purpose of this is so they can use the fabricated ‘transaction’ to leave themselves positive reviews, boosting their seller rating/scores and making themselves appear popular and trustworthy.
The issue of ‘brushing’ has been widely reported across the media, with millions of UK households potentially affected.
Amazon says that the packages are being sent to publicly available names and addresses. So while there’s no obvious sign that your personal data has been breached – and that this isn’t a ‘scam’ in the traditional sense – the unsolicited packages can quickly become a nuisance with some households inundated with unwanted items.
According to Amazon, third-party sellers are prohibited from sending unsolicited packages to customers. Amazon says that these deliveries should be reported immediately via its Customer Service, but there’s no need to return the item.
Amazon says it will take appropriate action against those that violate its policies. This could include suspending or removing selling privileges, withholding payments and even working alongside the police.
An Amazon spokesperson said: “Third-party sellers are prohibited from sending unsolicited packages to customers, and we take action when our policies are violated, including by withholding payments, suspending selling privileges, and reporting bad actors to law enforcement.”
What to do if you’ve been scammed
If you think you may have given your banking or card details away to scammers, you should let your bank know what’s happened immediately. Most of the big banks participate in the Stop Scams UK scheme, so call their 159 hotline first. Alternatively, call your bank on its official fraud hotline.
The bank should work with you to get your money back after a scam, but this will vary depending on how the scammer stole your money.
You should also report the incident to Action Fraud via its website or on 0300 123 2040.
Amazon accounts support two-factor authentication (AKA two-step verification) which adds a vital layer of extra security to your account when you log in.
With two-factor authentication enabled, Amazon will request that you also enter a security code after entering your password. This security code is sent by text message to your phone or can be generated via your own authenticator app. Here’s Amazon’s guide to two-step verification.
This will ensure that even if someone has gained access to your password, they still won’t be able to proceed without the security code.
Experts recommend that you switch on two-factor authentication for any of your accounts where it’s an option, but especially accounts which hold sensitive information.
How to report Amazon scams
Amazon has a dedicated page explaining how you can report suspicious phone calls, emails or text messages:
For ‘brushing’ fraud specifically, it encourages you to report to its Customer Service.
Outside of Amazon directly, phishing emails can be reported to the National Cyber Security Centre (NCSC) on [email protected]
The NCSC can then work to remove the fake websites that phishing emails link to.
Amazon has recently issued advice via email to customers containing the following four rules to follow if you’re unsure about a communication you’ve received:
- Never feel pressured to give information (such as your credit card number or account password) over the phone, especially if the call was unexpected.
- Never pay over the phone. Amazon will never ask you for payment over the phone.
- Trust Amazon-owned channels: always go through the Amazon app or website when seeking customer support.
- Be wary of false urgency: be wary if something tries to convince you to ‘act now’.