Amazon is the latest company to be used by fraudsters in an attempt to obtain sensitive information from customers.
Canadian financial guru Gail Vaz-Oxlade took to Twitter this week to alert the retail giant that she’d ordered something from the site a day earlier and had recently received a notification. She added a screenshot of an email message that purports to be Amazon Prime. The notification, which resembles the Amazon Prime font and colours, alerts the customer of difficulty processing their order. It instructs: “Please visit your Order Details to update payment information for your order.” Under the notification, there’s a button that says “Update Your Payment Method”.
The company replied with some tips for identifying an email or text message as an Amazon scam. Watch for:
Emails or text messages asking for sensitive personal information like social security number, tax ID, bank account number, credit card information, or ID questions like your mother's maiden name or your password.
Emails or text messages asking to make a payment outside the company’s website, or asking for remote access to your device.
Attachments or prompts to install software on your device.
Typos or grammatical errors.
Forged email addresses to make it look like the email is coming from Amazon.com.
Legitimate Amazon websites have a dot before "amazon.com" such as http://"something".amazon.com. For example, Amazon Pay website is https://pay.amazon.com/. Emails with an IP address (string of numbers), such as http://123.456.789.123/amazon.com/ are a scam. If the link takes you to a site that is not a legitimate amazon domain, then it is likely phishing.
If you are concerned about an Amazon order or receive an order confirmation for something you didn’t buy, go directly to the Amazon site and go to Your Orders to see if the details match up. If they don’t, the message wasn’t from Amazon.
In the replies to Vaz-Oxlade’s tweet, some users reported receiving similar emails, but from companies like PayPal and Costco.