Dissecting the Lessons from a Recent Amazon Scam Warning Email

Amazon Prime subscribers recently received an email from the online marketplace, warning them of the prevalence of scams that took advantage of their offerings and brand recognition. Let’s go through the advice that this email shared, and compare it to the best practices we recommend for avoiding scams.

What Did Amazon’s Email Have to Say?

As you may expect, this communication primarily focused on those scams that involved Amazon’s brand and services in some way. For instance, it directly referenced “Prime membership scams” and “Account suspension/Deletion scams.”

As the email put it, a Prime membership scam is composed of some communication that references some issue with your membership in the program or some additional fee that is required. In order to confirm or cancel this charge, of course, your payment information is needed.

In regards to these scams, the official statement shared in the company’s email is that “Amazon will never ask you to provide payment information for products or services over the phone.”  Instead, customers are directed to visit the official website/application to check for legitimate communications in the Message Center and manage their account status.

Account suspension/Deletion scams, meanwhile, are described as texts, emails, and phone calls that try to fool users into providing account access by convincing them to hand over their credentials or payment information.

Amazon’s official stance—again, from the aforementioned email—is that “Amazon will never ask you to disclose your password or verify sensitive information over the phone or on any website other than Amazon.com.” Their advice is to authenticate any requests, specifically through the Message Center.

Amazon’s Other Recommended Tips (and Whether We Agree with Them)

Amazon’s alert also outlined a few pieces of advice. To quote the message:

“1. Trust Amazon-owned channels.
Always go through the Amazon mobile app or website when seeking customer service, tech support, or when looking to make changes to your account.

2. Be wary of false urgency.
Scammers may try to create a sense of urgency to persuade you to do what they're asking. Be wary any time someone tries to convince you that you must act now.

3. Never pay over the phone.
Amazon will never ask you to provide payment information, including gift cards (or “verification cards,” as some scammers call them) for products or services over the phone.

4. Verify links first.
Legitimate Amazon websites contain "amazon.com" or "amazon.com/support." Go directly to our website when seeking help with Amazon devices/services, orders or to make changes to your account.”

We Agree with These Measures

Overall, these line up with the best practices we’d recommend when dealing with any official-seeming communication to help prevent phishing:

• When responding to a message, it is always better to turn to confirmed official channels, separately from that message. Don’t respond to a suspected phishing email directly—manually navigate to the company’s website, find the supposed sender’s contact information there, and reach out that way.
• Keep an eye out for overly urgent language in the messages you receive. This is a common phishing tactic meant to get you acting first and thinking later. If a message of any kind pushes you to act immediately, it should be seen as a signal that something may not be right.
• We can’t pretend that all requests for over-the-phone payments are going to be fraudulent, despite the fact that this is the case where Amazon is concerned. However, it is important to keep in mind that a legitimate business will never demand that you pay them in gift cards… particularly those associated with an opposing brand.
• There are a lot of ways that a scammer can disguise a phishing link, so it is generally best to avoid clicking on any provided links and instead navigate to the legitimate website independently and proceed from there.

Scams Aren’t an Amazon-Specific Problem

Don’t get us wrong, we’re glad to see a business with the reach that Amazon has sharing cybersecurity practices and spreading awareness. However, it is important that these practices are applied to every email you receive at home and especially in the workplace, along with other assorted security measures and safeguards.

CoreTech is here to assist the businesses of Kentucky with their information technology needs, including their cybersecurity and related concerns. Give us a call at (270) 282-4926 to learn more about what we can do.