Holiday shopping season is in full swing, and not surprisingly, Amazon.com is a popular destination. But if you’re one of the millions of people to recently order an item from the e-commerce giant (or you’re still browsing around for present ideas), be aware of a sneaky new phishing scam. As Inc. reports, both Amazon Prime members and regular customers have reported receiving fake (yet very official-looking) emails that appear to come from Amazon asking them to re-enter their credit card information.
The email's subject line says, “Your Amazon.com order cannot be shipped." According to AARP's blog, the full message reads:
Hello,There was a problem processing your order. You will not be able to access your account or place orders with us until we confirm your information.click here to confirm your account. We ask that you not open new accounts as any order you place may be delayed. For more details, read our Amazon Prime Terms & Conditions.
Recipients who follow the email’s instructions and click on the link are taken to a convincing "Amazon" page. There, they are invited to input their names, address, and credit card info (including the expiration and CVV security code). Once they hit Save & Continue, they’re automatically guided to the real Amazon website.
Hopefully you're now on high-alert, and you won't fall for this scheme. But, as AARP reminds us, you should never click on an embedded link in an email from Amazon (or, for that matter, any other company). Instead, check to see whether the items mentioned in the email are ones you've actually purchased (you can head to Amazon’s "Your Orders" section to jog your memory if need be), be suspicious of typos and spelling mistakes, and hover your cursor over any URLs provided and the sender's email address to take a close look—phishing scams will notoriously use URLs similar to the real deal.
If you do recognize an Amazon email as fake, don’t just ignore it. The New York Times recommends reporting to them by forwarding the whole message as an attachment to firstname.lastname@example.org. And since phishing schemes are likely to continue (and even grow) in the weeks leading up to Christmas and Hanukkah, check out Amazon’s list of tips for avoiding payment fraud.