Cybercriminals are sending out spoofed or fake Amazon email alerts that appear to have been sent by Amazon. The spoofed emails' "From" address line contains "account-alert@amazon" or "email@example.com" which makes it appear as if they came from Amazon. The fake emails will ask recipients to click on a link, which goes to a phishing website that steals personal information and account credentials. Or, the email may contain an attached HTML form that the recipients are instructed to complete and submit.
Therefore, to protect your self against Amazon phishing scams, it is recommended that you go directly to www.amazon.com and sign into your account. Once you are signed in, Amazon may alert you to important alerts, updates or changes. Or, you may check your account or call Amazon's customer service.
Remember, Amazon will never send you an unsolicited email that asks you to provide sensitive personal information like your social security number, tax ID, bank account number, credit card information, ID questions like your mother's maiden name or your password. If you receive a suspicious email, report it immediately.
Suspicious emails or webpages not from Amazon.com often contain:
- An order confirmation for an item you didn't purchase or an attachment to an order confirmation
Note: Go to Your Orders to see if there is an order that matches the details in the email. If it doesn't match an order in Your Account, the message isn't from Amazon.
- Requests for your Amazon.com username and/or password, or other personal information
- Requests to update payment information
Note: Go to Your Account and select Payment options. If you aren't prompted to update your payment method on that screen, the message isn't from Amazon.
- Links to websites that look like Amazon.com, but aren't Amazon
- Attachments or prompts to install software on your computer
- Typos or grammatical errors
- Forged email addresses to make it look like the email is coming from Amazon.com
Note: If the "from" line of the email contains an Internet Service Provider (ISP) other than @amazon.com, then it's a fraudulent email.
Important: Phone Calls
While some departments at Amazon will make outbound calls to customers, Amazon will never ask customers to disclose or verify their Amazon.com password, credit card, or banking account number.
If you receive a phone call asking you to disclose the above information, please visit www.amazon.com/gp/help/contact-us/report-phishing.html to report the phone call to Amazon.