And so it begins. Every year more and more people are buying their Christmas presents online, and with the success of events like Black Friday and Amazon’s Cyber Monday, online shopping has never been more popular. And with online shopping comes a wave of emails – from order confirmations to shipping notifications and delivery notices. Because we are all used to putting our details into stores online, we expect these emails and treat them as part of the process – often clicking on the links within them without a second thought. But now, criminals have caught on to this, and they’re making a killing from it.

What’s The Scam?

Over the last few weeks, cyber criminals have been targeting Amazon customers with a very convincing new phishing scam, aimed at stealing their bank details in the run up to Christmas. The spoof email was sent out to thousands of people across the UK, US and Australia, and said that their Amazon.com order cannot be shipped. The message claims that there is a problem processing the recipients order, and adds that they will not be able to access their Amazon account or place any other orders until they confirm their payment information using the link provided. As this is the run up to Christmas and the targeted people were known customers of Amazon, it wasn’t surprising that many people clicked on this link.

When clicked on, the link leads to an authentic looking Amazon page, and simply asks the victim to confirm their name, address and payment card information by entering it into the boxes. When entered, the information goes straight to the criminal, who can then use it however they choose, often racking up huge bills before the victim has noticed anything is wrong. Of course, if the victim had gone to Amazon independently instead of clicking on the link, they would have seen there was nothing wrong and realised it was a scam. In fact, that’s how it was discovered.

So What Can You Do?

Unfortunately, with so many people using Amazon to buy Christmas presents at this time of year, sending out random emails gives scammers good odds of reaching someone who is actually waiting for an Amazon order and concerned that it might not arrive in time. Amazon has provided a help page on their website for people who believe they may have received one of these spoof emails.

“From time to time you might receive e-mails purporting to come from Amazon.co.uk which do not come from actual Amazon.co.uk accounts,” the retailer said, “Instead, they are falsified and attempt to convince you to reveal sensitive account information. These false e-mails, also called ‘spoof e-mails’ or ‘phishing e-mails,’ look similar to real emails. Often these e-mails direct you to a false website that looks similar to an Amazon.co.uk website, where you might be asked to give your account information and password. Unfortunately, these false websites can steal your sensitive information; later, this information can be used without your knowledge to commit fraud.”
Amazon went on to explain that they will never ask you for any of the following information in an email:

• Your National Insurance Number
• Your bank account information, credit card number, PIN number, or card security codes (including ‘updates’ to any of the above)
• Your mothers maiden name or other information to identify you (such as your place of birth of your favourite pet’s name
• Your Amazon password

Amazon have advised that if you think you have received a scam email impersonating them, to review the email for poor grammar of typographical errors. This is because many phishing emails are translated from other language and sent without being proof read, so often contain bad grammar and spelling mistakes – unlike Amazon’s emails. They also warn to look out for suspicious return addresses (theirs will always end in @amazon.com, @amazon.lu or @amazon.co.uk) and website addresses (as they always use websites that end in amazon.com etc, and never use a combination like amazon.co.uk.biz) They suggest that if you find such errors, an email asking you for any of the above information or containing links to ‘review your payment information’ you get in touch with Amazons support team WITHOUT clicking on the link in the email. Instead, open your browser and go to the site you know to be genuine and seek advice, as they will be able to confirm if the email is genuine or a scam.

As always, make sure you keep an eye out for what you click on when you’re online. Christmas can be a stressful, rushed time and can make us distracted – which is what scammers count on. Make sure you stay vigilant and stay safe this year, so you don’t end up opening a credit card bill for Christmas. For more information or support, get in touch with us today.

SHARE IT: