The rising threat of Amazon scams
Every 39 seconds, someone is being targeted by cybercriminals. Cyberattacks cost the world $6 trillion in 2022 and are expected to reach a yearly value of $10.5 trillion by 2025. Scams are a growing problem for all online retailers. And Amazon, the world’s largest, also happens to be a favorite playground for scammers.
According to the Federal Trade Commission’s Data Spotlight, one in three scammers who pretend to represent a business say they work for Amazon. Between July 2020 and June 2021, over 96,000 people reported being targeted on the platform. Half of the Amazon fraud victims lost more than $1,000, while their total losses exceeded $27 million!
Already planning to quit shopping online? Well, don’t! Data regarding scams on Amazon may be overwhelming, but there are tools that can save you a lot of time, worry, and - potentially - money. An advanced password and passkeys manager, like NordPass, can encrypt your login credentials, including credit card numbers, and allow saving, auto-filling, and sharing them securely. It’s a safe and convenient way to store your Amazon password, especially if you add an extra layer of security to your NordPass encrypted vault by activating multi-factor authentication (MFA).
Now, let’s take a deep dive into the most common Amazon scams! Unfortunately, there’s a lot of them.
What are the most common Amazon scams?
Phishing emails may seem to be as old as the internet itself, but they’re still one of the top tactics for cybercrooks. Amazon email scams happen when cybercriminals pretend to be the company’s representative and send phishing emails to their customers. Usually, they intend to steal sensitive information or convince people to send money to their bogus accounts.
Cybercrooks are quite resourceful when it comes to coming up with new phishing email scenarios. Get to know their most common tactics:
Notifications informing about an issue with your account like billing questions, a problem with a recent order, malicious takeover of an account, or a pending refund (sweet, right?).
Creating a sense of urgency: Matters described in phishing emails always have to be resolved right away! There’s no time to wait and think. To make you act on this sense of urgency, phishing emails include a link or phone number.
Clicking the link may redirect you to a fraudulent website where you’ll be asked for sensitive information. The site may also initiate the download of malware on your computer or mobile device.
If you call the number, you’ll most likely be connected with an Amazon impersonator, trying to get your disclosed financial information or account login credentials.
When the deal seems too good to be true, it usually is. What you get instead of a new iPad at a great price is a counterfeit or fake product.
Counterfeit products are designed to deceive customers into thinking they are purchasing authentic items produced by popular brands when in reality, they are getting lower-quality replicas. Such fakes can range from clothing and electronics to cosmetics and accessories.
Scammers’ Amazon stores may look professional and legitimate, and the prices of fake products are so attractive they lure buyers looking for a deal. Unfortunately, customers end up receiving substandard or even dangerous items that often don’t meet safety or quality standards.
Almost 75% of customers check reviews on Amazon before making a purchase. The question is: How thoroughly do you actually do it? If you just glance at them briefly and base your buying decisions mostly on the ratings, you may fall for a scam tactic called review hijacking!
Cybercrooks take over old item listings with 5-star reviews and replace them with fake or counterfeit products. They change pretty much everything: photos, description, and price but leave the reviews.
This way, cybercrooks can sell low-quality products to customers who don’t actually read the reviews. If customers spent a minute reading the reviews, they would most likely find out that the comments don’t match the listing.
Third-party seller scams
Amazon allows third-party sellers to list and sell their products alongside ones sold by Amazon itself. Most of them are legitimate and offer genuine products. However, scammers can set up an Amazon store to deceive customers and make illegal profits.
Here are some of the most common tactics cybercrooks disguised as third-party sellers use:
Selling fake or counterfeit products.
Review hijacking to make their products appear better than they actually are.
Products that never arrive: Scammers take your money but never ship purchased items.
Manipulating the reviews: Ingenuine sellers may boost their product ratings and reviews by engaging bots or people to write fake reviews.
Unauthorized reselling: Scammers list products they don’t have the right to sell. This may seem harmless but can result in issues with warranties, customer support, and product authenticity.
Bait and switch tactic: Advertising a popular product at a very low price to attract buyers. When you place an order, you’re contacted and told the product is unavailable and then redirected to a different, more expensive one.
Phishing and stealing personal data: Some third-party seller scams involve phishing emails or fake websites that aim to collect your personal and financial information under the guise of order confirmation or account verification.
Amazon gift card scams
Gift cards are easy to buy and almost impossible to trace. Once you’ve given their serial number to scammers, there’s not much you can do to get your money back.
In the most popular scenario, cybercrooks pretend to be someone you trust: a friend, family member, or law enforcement officer. They can ask you to help them buy a gift card for a birthday present or make a false claim that you owe some money. As usual, the situation is very urgent, so you’re being pushed to act fast. Once you purchase the gift cards, they use the funds quickly, before you realize what happened.
Scammers may also send emails or text messages claiming you won a prize but you have to pay a “processing fee” first. They may also inform you about payment issues that resulted in you being refunded too much or paying too little. In both cases, they ask you to buy Amazon gift cards to set things straight.
Some malicious tactics can also involve social media, such as Facebook. If cybercrooks hack your account, they may impersonate you and ask your friends for gift cards.
Amazon text scams
If you ever received a text message from cybercriminals pretending to be somebody else, you’ve been targeted with smishing. According to the Federal Trade Commission’s data presented at the beginning of this article, odds are scammers were impersonating Amazon.
Similar to phishing emails, scam texts can inform you about an urgent matter or congratulate you on winning the prize. All of them create a sense of urgency and contain false contact information. If you call the phone number provided in the message, you’ll most likely be connected with a scammer trying to steal your Amazon account details. Clicking the link may take you to the fraudulent website or start the download of malware.
Scam texts can mimic actual texts quite well. That’s why you should always check if the website address is legitimate and only call numbers found in the Amazon app or on the official website.
Amazon technical support scams
Amazon technical support scams are especially tricky because contact with the scammer is usually initiated by the customer looking for help. Cybercriminals often advertise their fraudulent websites well. They may appear near the top of the search results and be almost unrecognizable from the official Amazon page. If you look for the technical support number in your browser, instead of the Amazon Appstore app or the company’s official website, there’s a chance you’ll find a scam number.
When you call it, scammers may ask you to grant them access to your computer, share login details, or even make payments to them. Remember, Amazon never asks about your password or forces you to share a 2FA authentication code. Only fake technical support does that!
Amazon brushing scams may seem harmless or even beneficial. After all, who doesn’t like getting free stuff? Nevertheless, they should be taken seriously as a signal your personal data was compromised (cybercrooks had to get your name and address from somewhere…).
A brushing scam happens when someone sends you stuff you didn't order. Usually, they are inexpensive and cheap-to-ship items like headphones or Bluetooth speakers. Scammers do that to make it look like you bought their stuff so they can write fake positive reviews for their products under your name. A series of such positive reviews elevate a scammer’s product ratings and make them look more legitimate to potential buyers.
In some cases, scammers might also use this scam tactic to harvest data. By sending packages, they confirm your address which could be useful for other, more harmful cyber frauds.
Fake order confirmations and invoices
Imagine this: you just got an invoice or order confirmation for the newest iPhone, one that you didn’t order. The first impulse is to cancel it as fast as possible. And that’s exactly what cybercriminals want you to do: to click the link or call the fake number.
If you catch the bait, scammers will try to extort your account information for “safety reasons.” That’s why you should never act on such suspicious messages. Instead, log in to your Amazon account or open the app and check the “Orders” section. No order confirmations mean you’ve been contacted by a cybercriminal.
Amazon Prime Video scams
The mechanism of Amazon Prime Video scams can be similar to technical support frauds. In both scenarios, scammers target people who deal with technical issues and look for information on the internet. Searching “how to set up Prime Video” may take you to a fraudulent website where scammers will try to learn your Amazon account login credentials.
You can also encounter different Amazon Prime Video scam scenarios:
Phishing scams: Scammers send fake emails or messages, claiming there is an issue with your Prime Video account.
Fake subscription renewal: You may receive a message saying your Prime Video subscription is expiring and you need to renew it immediately.
Malware: Scammers might send messages claiming you need to download a special player or software update to continue watching stuff on Prime Video. In reality, these downloads contain malware that infects your device.
Free trial scams: You can be offered a fake free trial for Amazon Prime Video. Scammers ask for your credit card information to access the trial, but they end up charging you for other services or making unauthorized transactions.
Compromised account: In some cases, scammers gain access to legitimate Amazon Prime Video accounts through phishing or hacking. Then they take over the account and use it for fraudulent activities.
Fake Amazon job offer scams
Cybercriminals list fake but attractive Amazon job offers online to trick people into providing personal information, paying fees, or even performing certain tasks for them.
Victims receive emails, messages, or phone calls claiming they've been selected for a job. Scammers pose as Amazon recruiters, human resources personnel, or hiring managers and provide detailed job descriptions, salary information, and other convincing details. They might even use fake email addresses, websites, or phone numbers that closely resemble Amazon's official contact information.
To "finalize" the job offer, scammers ask you to provide personal information such as Social Security numbers, bank account details, copies of ID, or other sensitive data. In some cases, you may be asked to pay a “recruitment fee” or even receive a fake job contract including hidden terms or harmful clauses.
In different scam scenarios, cybercriminals offer Amazon work-from-home positions. They may involve receiving and reshipping packages containing stolen goods or handling financial transactions. Getting such a job means becoming involved in money laundering or other illegal activities.
What to do if you were scammed on Amazon
Let's explore different scenarios.
If you got scammed by an Amazon seller
If you never received the purchased item, it arrived damaged, or defective, or your return request wasn’t authorized by the seller within 48 hours, here’s what you should do:
Stop communication right away and gather the evidence: Don’t buy or give any more personal or financial information to the ingenuine Amazon seller. Instead, gather all relevant evidence of the scam. This could include screenshots of conversations, order details, payment receipts, emails, and any other correspondence related to your purchase.
Change your passwords: If you have shared any account information with the scammer, change your Amazon account password as soon as possible and enable two-factor authentication to add another level of protection to your account.
Contact Amazon customer support: Report the case to Amazon’s customer support. Amazon protects you from ingenuine third-party sellers, offering A-to-Z Guarantee. The guarantee covers both the timely delivery and conditions of your items. What does it not cover is purchases made outside the Amazon Marketplace so always be sure you buy stuff on the platform.
Check your payment method: Contact your bank or credit card company to explain the situation. They might be able to assist you in disputing the charges or taking actions to prevent further unauthorized transactions.
Check the reviews: Check the seller's reviews on Amazon. If others have reported similar issues with the seller, it can strengthen your case.
Inform the authorities: If the scam involves any illegal activity beyond Amazon's platform (such as credit card fraud), report it to the police.
If you shared your personal information with a scammer
If you've shared personal information with an Amazon scammer, it's important to stay calm and act quickly to protect yourself from identity theft or other potential harm. Here's what you should do:
Change passwords: Change your Amazon password immediately. Make sure your password is complex and strong, and there are no similarities between it and the compromised one. Also, if the scammers could get a hold of your internet bank account password, change it as well!
Contact the financial institutions: If you have shared financial information, such as credit card numbers or bank account details, contact your bank and credit card companies immediately. Explain the situation and ask them to monitor your accounts for any suspicious activity.
Enable multi-factor authentication (MFA): It adds an extra layer of security to your Amazon account by requiring a second verification step (code sent by text message or authenticator app) in addition to your password. This way, if your Amazon login credentials get compromised, cybercriminals won’t be able to access your account without the code.
Inform Amazon: Report the incident to Amazon customer support.
Contact credit bureaus: Your personal information could be used for identity theft. That’s why consider placing a fraud alert or security freeze on your credit reports with major credit bureaus. This will make opening unauthorized accounts in your name way harder.
Report to authorities: If the scam involves illegal activities, such as phishing, fraud, or identity theft, report it to the police. You can also file a complaint with the appropriate government agency responsible for handling cybercrime.
Use up-to-date tools which will keep you safe: Make sure your devices have up-to-date antivirus and anti-malware software, and your login credentials are kept safely in the password manager. Run scans to ensure your system is clean from potential threats.
Be wary of further contact: Cybercrooks might attempt to use the information they gathered to contact and scam you again. Be cautious of suspicious messages or requests for additional information.
If you send money, cryptocurrency, or gift cards to a scammer
What you should do depends on whether you’ve sent the cybercrook money, cryptocurrency, or Amazon gift cards.
Contact the bank card issuer, the company you sent the transfer with (e.g. Western Union, Venmo), or the postal service: Explain it was a scam transaction and ask to reverse the payment.
File a police report.
Amazon gift cards:
If the scammers already used the funds on the gift cards there’s not much you can do. However, it’s still important to report the incident and warn other potential victims.
Contact Amazon customer service through the official website or an app and report the incident.
Report to the police.
Payments made in cryptocurrency are usually irreversible. However, you can still report the scam to the company involved in the transfer. Even if you won’t get your money back, you will protect others.
Contact the company you used to make a transfer and ask to reverse the transaction.
File a police report.
Reporting Amazon scams and suspicious activities
Any suspicious activities or items you encounter on Amazon should be immediately reported to Amazon customer service. Doing so requires logging in to your account via Amazon.com or using the Amazon app.
Protecting yourself from Amazon scams
Don’t share your login credentials
Amazon never asks you for your password or authentication code! Not to mention banking information or credit card numbers. Only scammers impersonating Amazon representatives do that.
By the way, if you’d like to share the Amazon Prime Video password, do it safely through a reliable password manager.
Make your passwords strong and keep them in a safe place
Reusing passwords or making them easy to remember can put you in danger and may even result in losing your Amazon account to scammers. Use password generators to create unique and random passwords or switch to more secure passkeys. Enable 2-step verification to make sure nobody can log into your account without the code sent to your phone.
Keep passwords and passkeys in the password manager. Some of them, like NordPass, allow you to store credit card details and autofill them when you’re making a purchase. Moreover, high-end encryption makes your data invisible to everybody but you!
When shopping, never leave Amazon Marketplace
As long as you stay on Amazon Marketplace, you’re protected by its A-to-Z Guarantee. This way the online retailer makes sure its customers won’t fall prey to ingenuine third-party sellers.
However, if you click on the link in a phishing email or call the number from a smishing text message, there’s no more guarantee you’ll ever get your money back. Remember, the official Amazon.com website and Amazon Shopping app (available for both Android and iOS) are your most reliable sources. If you need to contact customer service, you’ll find the contact details there.
Check it twice
Scam Amazon websites, emails, or texts are designed to mimic legitimate company communication. But, luckily, they’re never exactly the same!
Fake Amazon websites have slightly different URLs than Amazon.com. On the official site, there’s always a dot between the company’s name and domain extension, reflecting the country you’re purchasing from. For example, if you’re buying from a UK website, you’ll see the URL amazon.co.uk.
The same rule applies to legitimate emails. That’s why, whenever you get an email from Amazon, always check the sender's address. If the domains don’t match, it’s a scam!
Another indicator of fraudulent messages is linkings. The genuine ones always start with "https://www.amazon.de” when you’re viewing the German store, or "https://www.amazon.com” for the international store. Never click on the links in emails you’re suspicious of and check them at least twice!
Cybercrooks come up with a new scam scenario every day. That’s why there's no bulletproof solution to prevent Amazon fraud. You can reduce your risk only by staying aware, vigilant, and well-informed. Protect yourself with a reliable and up-to-date security system, avoid sharing sensitive information online, and report any suspicious activity to the retailer and authorities.