Fraudsters are targeting Amazon shoppers in the US, UK and Australia this holiday season with a new "authentic-looking" phishing scam that attempts to steal users' personal and bank details.
The fraudulent email, which has been sent to thousands of consumers, includes the subject line: "You Amazon.com order cannot be shipped." It also asks them to confirm "certain information" by clicking on a link, noting that they will lose access to their Amazon account and will be unable to place any future orders if they fail to do so.
The link directs people to "seemingly credible but fake website" that asks them to type in their personal information including their name, address and bank card information, according to a Get Safe Online advisory released in November. After plugging in their personal details and clicking the "Save & Continue" button, consumers are then automatically redirected to Amazon's official website, making it increasingly difficult for consumers to realise they have been duped.
"Using your details, the fraudsters will be able to use your details to make purchases in your name and potentially also open financial products in your name," Get Safe Online wrote in a blog post. "This is an opportunistic scam that is being perpetrated in the sure knowledge that many shoppers will have ordered goods from Amazon, and will be keen to know the progress of their order."
Get Safe Online also warned that if the spoof email contains an attachment, it is likely to contain malicious malware that will infect your computer or mobile device if clicked on.
Amazon announced it will offer Black Friday-like deals as often as every five minutes through 22 December.
According to the online marketplace's help page, emails sent to customers regarding an order that they did not place are likely not from the company.
"From time to time you might receive emails purporting to come from Amazon.co.uk which do not come from actual Amazon.co.uk accounts," the company said. "Instead, they are falsified and attempt to convince you to reveal sensitive account information. These false e-mails, also called 'spoof e-mails' or 'phishing e-mails,' look similar to real emails.
"Often these e-mails direct you to a false website that looks similar to an Amazon.co.uk website, where you might be asked to give your account information and password. Unfortunately, these false websites can steal your sensitive information; later, this information can be used without your knowledge to commit fraud."
Customers who are concerned about their orders placed from Amazon should head over directly to the company's website and confirm whether their order information under "Your Orders" matches the details in the suspect email. It added that users should check whether the email was sent from an Internet Service Provider other than @amazon.com. If not, it is a scam email.
You may be interested in: