Identify and report Amazon phishing emails

How do Amazon phishing email scams work?

But first, what is an Amazon phishing email? It’s a fake message that imitates communication from Amazon. Scammers who create these fake emails attempt to trick you into giving away personal information, such as your login details and credit card numbers.

You may know that most scammers are focused on one target — money. They use various tactics to obtain illegal funds, either by exploiting your sensitive data or by convincing you to send them money through bank transfers, crypto wallets, or gift cards.

Amazon scammers, in particular, follow this same blueprint but pose as representatives of the online retail giant. They send phishing emails to Amazon users to trick them into revealing payment information, such as credit card numbers and passwords.

Amazon phishing email scams typically involve six parts:

1. An unsolicited email that might look like the real deal. Scammers design these emails to closely mimic official Amazon communications. Often, these emails feature the Amazon logo and formatting similar to that used by Amazon.
2. Urgent claims. You may receive an email claiming there’s a critical issue with your account or a recent order and that you need to contact Amazon ASAP. Conveniently, the email provides a link or phone number for a speedy response.
3. Deceptive links and attachments. Amazon or Amazon Prime phishing emails often include links or attachments. Clicking on these can redirect you to fake websites that look convincingly similar to Amazon’s or initiate a malware download.
4. Information harvesting. Once on these fraudulent pages, you are prompted to enter personal details, such as account credentials and payment details.
5. Misuse of information. Scammers then use your stolen details to access your real Amazon account, conduct unauthorized transactions using your payment details, or commit identity theft.
6. Requests for payments. A phishing email claiming to be from Amazon might also request payments via gift cards or direct transfers to address a supposed issue with your account — a definite red flag.

How to identify Amazon phishing emails

You can identify Amazon phishing emails by analyzing their contents. If you can tell apart smishing and other types of social engineering attacks from bonafide communications, these warning signs should be familiar.

• Check the sender’s email address. If the sender’s address doesn’t end with “@amazon.com,” it’s likely not from Amazon. However, in Amazon scam emails, scammers might use a deceptive “From” name like “no-reply@amazon.com” to appear legitimate.
• Be wary of generic greetings. Scammers often use generic greetings in Amazon phishing emails to reach large groups quickly. Instead of personalizing the email with your name, they may use a generic greeting like “Dear customer” to save time and widen their target audience. While mass email campaigns commonly use this greeting, you should exercise caution when interacting with such emails.
• Watch out for messages that convey a sense of urgency. Amazon will never rush you into making quick decisions by threatening to cancel your orders or suspend your account. Amazon or Amazon Prime phishing emails often create a sense of urgency and provoke panic, urging you to act swiftly and make rash decisions.
• Look for spelling and grammatical errors. In 2023, 31.5% of all global spam emails came from Russia. So, Amazon email scams often contain unusual syntax or wording because they are usually written by non-native English speakers.

Examples of Amazon phishing scams

Scammers continually refine their tactics to coax you into revealing sensitive data or sending them money. Worst of all, many fake web pages are almost indistinguishable from legitimate ones. To make the deception more effective, a fraudulent website might even redirect you to the actual site after they have collected your credentials.

Be vigilant and watch out for some of the most common Amazon email scams, which include:

• 1. Complete the survey to win a prize Amazon phishing scam
• 2. Fake listings with real reviews
• 3. “Your membership has expired” Amazon Prime phishing email scam
• 4. “Sorry we couldn’t find that page” Amazon scam
• 5. Today only,” “90% off everything,” and similar Amazon phishing scams
• 6. Fake Amazon gift card phishing email scam
• 7. A phishing email claiming to be from Amazon that asks you to sign in
• 8. “Congratulations, you’re today’s winner“ Amazon phishing scam

Note: The screenshots below show Amazon phishing websites. These are not official Amazon communications, though they may look very similar.

If an offer sounds too good to be true, it probably is. Scammers are just after your sensitive information to exploit it later. Moreover, if Amazon really were giving away iPhones for completing a one-minute survey, you would likely have heard about real people receiving them by now. Did you?

🚩 Red flags to look out for:

• An offer that sounds too good to be true.
• Urgent language, such as “Hurry, prizes are limited!”
• Unusual communication style — Amazon typically doesn’t use many exclamation points.
• A generic greeting or no greeting at all is a warning sign.

Fake Amazon listings can look very similar to real ones. Copies of real Amazon listings often use the exact same layout, images, descriptions, and reviews. This striking resemblance makes it incredibly hard to distinguish fake listings from real ones. Be cautious when clicking on links within these listings — they may redirect you to a fraudulent website set up by scammers.

🚩 Signs that it’s a scam:

• Pricing or discounts that seem too good to be true. Trust your instincts when you see unusually large discounts on Amazon, especially for high-demand products that rarely go on sale.
• Check the URL. If the URL has unusual or extra characters, misspellings, or unexpected domain endings other than “.com,” it’s likely a spoofed website.

Be aware that scammers impersonating Amazon are sending fake membership expiration notices. The “Extend and activate” button in these suspicious emails is likely to direct you to a phishing website designed to steal your data.

🚩 How you can tell that it’s a phishing attempt:

• All legitimate Amazon emails and official pages feature “amazon.com” in the email address or URL.
• Beware of generic greetings like “Dear customer.”
• Beware of relatively new domains, especially those less than 180 days old.

How to check the domain age

Checking a website’s domain age can provide valuable insights into its legitimacy and history. The simplest way is to use a WHOIS lookup service. These online services show when a domain was first registered. DomainTools, accessible at whois.domaintools.com, is a popular and very easy-to-use option.

Looks legitimate, right? However, it’s a phishing website that uses poor unsuspecting Mr. Brojangles as a mule. Clicking on “Amazon’s home page” will likely redirect you to a phishing site that exploits vulnerabilities in your device to install malicious code.

🚩 Red flags to look out for:

• Once you hover your mouse over the link, you should see a URL link. If it looks odd and nothing like Amazon, it’s probably a phishing link.
• Relatively new domain.

Genuine Amazon deals are rarely as dramatic as 90% off everything. Such claims are usually too good to be true.

🚩 How you can tell that it’s a phishing attempt:

• Trust your instincts when you see unusually large discounts on Amazon.
• Check the URL. If it appears as a variation of “Amazon,” it’s probably a phishing site, not an official Amazon website.

Scammers often create domain names that closely mimic legitimate ones to deceive people and gain access to their personal information. They use various techniques to do that.

• Substitute letters with numbers (like www.amaz0n.com).
• Add a dash and a word (like www.amazon-deals.com).
• Add a word that conveys security (like www.amazonsecure.com).
• Incorporate a word that implies sales or deals (like www.amazonsales.com).
• Add a preface with additional text (like www.login-amazon.com).
• Alter the domain extension or add extra text (like www.amazonnet.com).
• Use subtle misspellings (like www.amazn.com).
• Suggest it is a support website for Amazon (like www.amazonsupport.com).
• Include misleading details to suggest personalization (like www.amazon.com-userid4567.com).
• Combine abbreviations with the original name (like www.amz-amazon.com).

Always carefully check the full URL. For safe browsing, directly enter the web address into your browser or use a bookmark for websites where you frequently shop or enter personal or payment information.

Scammers often use free Amazon gift cards as bait to lure shoppers into revealing personal details. Sadly, many victims only realize that gift cards do not exist after they have already given their account information to a fraudster.

🚩 Red flags to look out for:

• Be skeptical of overly generous offers, such as extremely high-value gift cards for minimal effort.
• Watch for urgency tactics that rush you to participate in a survey. “You only have x minutes to take part” is a huge red flag.
• Official Amazon communications are well-written. Poor grammar and spelling suggest a fraudulent email.
• Expect multiple communication channels for genuine Amazon promotions, not just unexpected and suspicious emails.

Scam emails include links that lead to fake Amazon login pages. Although these pages closely resemble the official Amazon sign-in page, their goal is to capture your username and password when you log in.

🚩 Signs it’s a phishing attempt:

• Look for odd punctuation, typos, and stylistic errors.
• Verify the URL and check the domain’s age.

But did you even enter a contest? Probably not. These and similar “Congratulations, you’re today’s lucky visitor” pop-ups are common scams. Although they’re well-recognized, scammers still send these phishing emails, hoping that excitement will override your judgment about the email’s legitimacy.

🚩 Signs it’s a scam:

• You didn’t enter any Amazon contest.
• The email lacks personalization.
• Any request to enter personal details to claim a supposed prize is a clear red flag.

Where to report an Amazon phishing email

If you receive a suspicious email posing as Amazon, report it directly to Amazon at reportascam@amazon.com by sending the suspicious email as an attachment or forwarding it. You can also report a phishing scam to Amazon by forwarding any suspicious emails directly to stop-spoofing@amazon.com.

In the US, you can report phishing to the US Cybersecurity and Infrastructure Security Agency, which provides resources to handle such incidents. You can also forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org, or to the Federal Trade Commission at spam@uce.gov.

Outside the US, report a phishing attempt to local cybersecurity agencies or the Anti-Phishing Working Group. This international coalition combats global cybercrime across the private sector, government, and law enforcement. It tracks phishing attempts and works to shut down phishing sites. Forward suspected phishing emails to reportphishing@apwg.org.

If the scam has caused serious harm, such as financial loss or identity theft, also report it to your local authorities or the cybercrime division.

How to forward phishing emails to Amazon or another organization (in Gmail)

If you’re wondering how to send a phishing email to Amazon or any other relevant organization for them to take action, the process is pretty straightforward:

1. Select the phishing email you want to report.
2. Find and click the “More ⋮” button in the options menu.
3. Select “Forward as attachment” to prepare the email for forwarding.
4. Fill in the subject line and send the email to the relevant institution’s reporting address.

Alternatively, open the email, click the “More ⋮” button, then select “Forward” to send it as a regular email.

How to protect yourself from Amazon phishing emails

Anyone can fall victim to Amazon phishing emails. However, learning to distinguish between an Amazon Prime membership phishing email and legitimate Amazon communications can reduce your likelihood of being scammed. Once you recognize the differences, you can also help protect your friends and family from scammers.

• Learn the tell-tale signs of phishing emails. Odd email addresses, lack of personalization, grammar and spelling mistakes, suspicious links and attachments, and urgent language are good indicators of a phishing attempt. Phishing detection will serve you in the long term and help protect against not only Amazon scams but also other phishing attempts.
• Avoid clicking on links you receive in email communications. Instead, navigate directly to the Amazon website by typing the URL into your browser. By typing the URL yourself, you avoid the risk of being redirected to a harmful website where cybercriminals could access your sensitive data, such as your credit card information. However, you should also be cautious when typing the URL yourself, because if you enter a phishing URL, you will still end up on a phishing website.
• Enable multi-factor authentication (MFA). MFA requires more than just your password to log in. You may need to enter a six-digit verification code that Amazon sends to your email address or mobile phone, confirm your sign-in through the Amazon mobile app, or answer a security question about your account. Alternatively, use two-factor authentication (2FA). With 2FA, you’ll need to enter both the code and your password to log in.
• Regularly update your software. Ensure that your operating system, browser, and antivirus software are always up-to-date to fend off threats. Software updates often include security patches that address vulnerabilities discovered since the last update. Cybercriminals exploit these vulnerabilities to launch phishing attacks, spread malware, or steal personal information.
• Report phishing attempts ASAP. Forward any dubious emails claiming to be from Amazon to the appropriate institutions. Reporting a suspicious email helps prevent it from reaching others. Additionally, early reporting can minimize the damage caused by phishing attacks, protecting not only your personal and financial information but also helping those who may not easily spot such scams.
• Enable NordVPN’s Threat Protection Pro feature. While a VPN encrypts your traffic and increases your overall privacy and security on the internet, Threat Protection Pro — available with selected NordVPN plans — can help against phishing. NordVPN’s Threat Protection Pro feature against phishing automatically scans URLs and blocks access to malware-hosting or malicious websites.

FAQ

What should I do if I clicked on an Amazon phishing scam?

Are you worried about what to do after clicking on a phishing link that seemed to be from Amazon? It’s important to act quickly. Let’s explore the steps to take in two possible scenarios.

If you’ve clicked on a phishing link but DID NOT enter any of your information:
1. Run a full antivirus scan on your device to check for any malware or viruses downloaded when you clicked the link. If you have NordVPN’s Threat Protection Pro enabled, you can skip this step because it automatically scans and removes malware from newly downloaded files.
2. Regularly clear your browser’s cache and cookies to prevent scammers from accessing them and creating a more personalized profile of you to launch targeted social engineering attacks.
3. Even if you didn’t enter any information, monitor your accounts for unusual activity over the next few weeks. If you notice anything suspicious, change your password and report it immediately.

If you’ve clicked on a phishing link and entered your personal information:
1. First, change your Amazon password and the passwords of any other accounts where you use the same or similar credentials. Make sure you create strong passwords.
2. Contact your bank or credit card issuer to inform them of the potential breach. They can then monitor your accounts for suspicious activities and, if necessary, enforce additional security measures.
3. Notify Amazon of the phishing attempt by forwarding the email to stop-spoofing@amazon.com or reportascam@amazon.com.
4. Monitor your financial and personal accounts for any unauthorized transactions or changes.
You can take additional precautions, such as placing an initial fraud alert, initiating a credit freeze, or deleting your Amazon account, but the steps above are just the basics.

Does Amazon notify you if someone tries to log into your account?

Yes, Amazon prioritizes security and will notify you of any unusual activity. If Amazon suspects your account has been compromised, it will contact you to confirm whether it was you who logged in, made a purchase, or changed your account information or settings. Typically, Amazon sends an email alert or an app notification to verify that.

Can Amazon send me text messages?

Yes, Amazon can send you text messages for various purposes, including delivery updates, security verifications, and promotional offers. To receive these messages, you must opt-in for mobile notifications in your account settings.

Does Amazon notify you of suspicious activity?

Yes, Amazon may occasionally send you security alerts about important changes to your account or when it notices new activity that needs confirmation.

How do you know if your Amazon account has been hacked?

If you suspect your Amazon account has been hacked, look for several key signs. Check for unrecognized orders and unauthorized changes to your account details, such as your email, password, shipping address, or payment methods.

Also, be on alert for failed login attempts, unexpected password reset emails, or any notifications about unauthorized changes to your account settings. Additionally, review your account’s device history for activity from unfamiliar devices or locations.

If you encounter any of these issues, promptly change your password, enable two-factor authentication, and contact Amazon customer service to secure your account.

Can I see who logged into my Amazon account?

Amazon does not provide a detailed log of each sign-in attempt or device access history in the way some other services like Google or Facebook might. Instead, Amazon allows you to manage devices registered for content access (like streaming and shopping apps).

1. Log in to your Amazon account.
2. Navigate to “Accounts & lists” and select “Manage your content and devices.”
3. Under the “Devices” tab, you’ll see the devices registered to your account.
4. Here, you can deregister any device that you do not recognize or no longer use.

These steps won’t reveal the names of the individuals who accessed your account, but they will help you identify any unfamiliar devices.

What number does Amazon use for text messages?

Amazon.com uses the short code 262966 to send shipment tracking updates in the US. Remember, text messages or calls from Amazon will never request your personal information.