Amazon Prime Scams: New Phishing Attempts Target Customers

Amazon is the largest online retailer in the world. Millions of people shop there, and over 200 million people have an Amazon Prime subscription, giving Amazon over $500 billion in revenue every year. And we all know that scammers like to be where the money is. So many people use the company and so much money passes through it that Amazon Prime scams can be massively profitable. New variants of these scams are becoming so prevalent that Amazon has actually sent messages to Prime customers warning about them. If you use Amazon or have a Prime subscription, you need to be aware of these trends so you can protect yourself. The big trend in Amazon Prime scams right now is impersonation. Scammers pretend to be official Amazon representatives or make their messages look like official Amazon communications. Their goal is to trick you into thinking you’re talking to the real company. Then they use that trust to steal your payment information, identity information, or Amazon login credentials. Scammers may reach out with these scams by email, phone call, text message, social media, or any way they can contact you. And they have a bunch of different stories depending on what channel they’re using and what they want. But there are a few things that are always the same: They’re not really affiliated with Amazon, and they want to steal from you. The most common ploy in Amazon Prime scams right now is fake subscription renewals. These messages often come through email . Often, there is some of your personal information included. Scammers get this information from data breaches and hope that you’ll assume it’s legitimate because they have your info. And the email often looks perfectly legitimate. Generative AI tools let scammers quickly and easily generate emails impersonating a company that look exactly like real emails from that company. These emails generally claim one of two things. The first story is that your Amazon Prime subscription is going to renew soon, but the price is much higher than you were expecting. The other one is that there was an issue with your subscription renewal and you need to update your payment information. The message may claim you have a short timeline to respond or you’ll have to pay a large fee if you don’t act fast. And the email always includes some sort of button or link. It may be labeled “Cancel Subscription,” “Update Your Account,” or anything else. The goal is to get you to click. That link will take you to a website that looks like Amazon. But it’s actually a fake website that just looks like Amazon. When you enter your credentials to log in, they go straight to the scammer. If you received the “please update your payment information” version of Amazon Prime Scam, there may also be a place for you to put in credit card or bank information. Any information you put in will go to the scammer. Then they can get into your account, use your card or access your bank account, and steal from you. The membership renewal message is the most common kind of Amazon Prime scam right now. But it’s not the only one out there. These are some other versions of Amazon Prime scams you may see. This is a fairly common scam tactic, and works well as an Amazon Prime scam. The scammer starts by sending you a fake order confirmation. Often, this is an email. Sometimes, they send a text message, a social media message, or even call you claiming to be from Amazon customer support verifying an order. The order is always something expensive – an amount of money you don’t want to lose. The goal is to make you afraid there’s been fraud on your account and someone is spending your money. The message (or person on the phone) has a process to help you, though. You can do certain steps to cancel the order and make sure you don’t lose that money. A message may tell you to click a link or call a phone number to talk to “customer service” or “Amazon fraud prevention.” If they have you on the phone, the person may ask for your personal information under the guise of “verifying” you, say they need your credentials or payment information to secure your account, or tell you install a piece of software so they can help. Whatever the story and the solution, the goal is always they same. They want you to click a link and enter your information, install spyware so they can collect your information, or tell them your information over the phone. They then use that information to take over your Amazon account, steal your money, or steal your identity . This Amazon Prime scam is very similar in strategy to the subscription renewal scam, just with a different story. You receive some kind of message that your Amazon account is about to be suspended or deletion. What the actual reason is varies – and it also doesn’t matter. The scammers are banking on the fact that you don’t want to lose your Amazon account regardless of the reason. Whatever the stated reason, there is something you can do about it. You can dispute the suspension or deletion, or there’s a way you can remedy the problem. What the solution is varies, too, depending on what the scammer wants. But it usually boils down to one of three things: Click on a link (and enter your information), provide certain information (login credentials, identity information, or payment information), or pay a fee. If you comply, your account isn’t deleted or suspended – because it was never at risk in the first place. But now scammers have your money, your login information, or your identity. This Amazon Prime scam offers you money in the form of a refund. Due to a billing error, some kind of fraud activity on your account, or another excuse, you’re due for a refund. The scammers are baiting you, hoping you’ll be too excited about the prospect of getting money to look closely. This refund doesn’t happen automatically, they tell you. There’s a step you have to take for them to process it. That step may involve clicking a link, putting your information into a website, sharing personal or payment information with a representative over the phone, or even giving an “Amazon customer service” person remote access to your device. The end result is the same as every other Amazon Prime scam. You never get that promised refund, and now scammers have your information. Amazon Prime scams are often difficult to spot. Especially if they come in the form of an email, they can look accurate enough that even experts have a hard time telling they’re fake. But there are still some signs you can watch out for. This is a common sign of scams in general. Real businesses work on much longer timeframes than scammers do. Scams pressure you to act fast, and often threaten consequences if you don’t. An email or text message will want you to act within 24 hours (or less); a scammer on the phone wants you to act immediately. A genuine message from Amazon, though, will often give you weeks or even months to deal with it. A real Amazon employee will never ask you for payment information or sensitive personal information. That includes passwords, bank information, credit card information, your social security number, or anything like that. And Amazon will never ask you to provide any of that information by phone, by email, by text message, by social media message, or on any website that isn’t Amazon itself. Amazon employees have access to Amazon’s systems. Scammers don’t. So genuine Amazon employees will direct you to do anything you need to do through Amazon’s official website or app. Scammers, though, need you to pay through other websites, payment apps , wire transfers, gift cards, cryptocurrency, and all kinds of other methods that aren’t Amazon. A real Amazon employee would never ask for payment at all. If you do need to pay something, they’ll just tell you how to do it on Amazon’s website or app. Amazon owns amazon.com (and its regional variants, like amazon.co.uk). That means that if you go to amazon.com or get an email from [email protected] , those are genuine. But scammers love to do tricky things to make it look real. They spoof email addresses , use URL tricks , and do anything they can to keep you from looking too closely. You can defeat this by taking the time to look. Is that email from [email protected] ? That’s fake. Is the url AMAZ0N.COM with a zero instead of an O? That’s also fake. Read this article to learn more about how to spot these kinds of tricks . Amazon doesn’t reach out to you about customer service things through social media messages. They just don’t. If you get any message on social media about an account issue, refund, or order, it’s an Amazon Prime scam. You’ve probably heard the old saying, “An ounce of prevention is worth a pound of cure.” That’s especially true when it comes to scams. Just a little bit of effort to protect yourself and keep yourself safe is many thousands of times easier than recovering after you got caught in a scam. Your best defense is to always be cautious. It’s good cybersecurity practice to never click links in emails, even if you’re almost certain it’s legitimate. If you never click a link and always go directly to the Amazon app or website, you won’t click on a malicious link. It’s a good idea to turn on 2-factor authentication (which Amazon calls 2-step verification, or 2SF). You can turn this on in your Login & Security settings. Also consider removing stored payment information from your account. Yes, it will be more inconvenient to put in your card information every time, but it will also keep any criminal who gets into your account from getting access to your money. You can also take steps to verify. All legitimate messages from Amazon have a copy in the Message Center in your account. Log in on the app or official website and check the Message Center. If whatever message you received is also there, it’s a genuine communication from Amazon. If not, then it’s fake. Amazon has also partnered with the BBB’s Scam Tracker to let you search reported scams by URL, email address, phone number, and more. And if you’ve gone through all that and you’re still not sure, you can always reach out to Amazon’s customer service through their website or app. The customer service representatives can help you figure out if you’re dealing with a scam or not. So you’ve spotted an Amazon Prime scam, or at least something that looks suspicious. Now what? If it’s through a message and there’s any kind of link, DO NOT click on it! While Amazon Prime scams are often after your credentials or personal info, some may add malware to their links as well. If you’re on the phone with a representative, tell them you want to hang up and verify first, then you’ll call back. A real Amazon employee will understand that you care about security. If they try to convince you not to, they’re really a scammer. If you’re not entirely sure if the message is a scam or not, you can take steps to verify it. All genuine messages have a copy in the Message Center of your Amazon account. Go directly to amazon.com (or your regional variant) or open the Amazon app and check the Message Center. If there’s not a copy of the message there, it’s fake. You can also have Amazon customer support take a look at it for extra verification. Send the message to [email protected] or chat with customer service through the website or app and they’ll help. If you haven’t clicked on anything or interacted with it, it’s safe to ignore Amazon Prime scams. There’s not really an issue. But we still recommend reporting it to help both Amazon and law enforcement keep track of scam trends and work to stop these scammers. If you clicked on the link or gave your info to someone and then realized it was a scam, take action immediately to protect yourself. Start by logging into the actual amazon.com and changing your password. Make it something long, strong, and random. If you can’t get in, the scammer may have already taken over your account. Contact customer service for help getting it back. If you sent money, report it to wherever you sent the money. Let your bank know what happened, too. That way they know there may be fraudulent charges on your account in the future. It’s also a good idea to notify your credit card companies and other financial institutions so they’re aware. Make sure you monitor your credit report closely, or even consider freezing your credit for more safety. Turn on 2-step verification (2SV) on your Amazon account if you haven’t already. This will keep scammers who got your password from getting in. Also turn on 2-factor authentication on your financial accounts while you’re at it. If you re-used your Amazon password anywhere else, change those passwords, too! (A password manager can help you make strong and unique passwords.) If you have an antivirus software, run a thorough scan on your device. And if you don’t have one, get one and then run a scan. Finally, document everything. Take screenshots or write down any information you have. Dates, names (even fake ones), what story they told, any phone numbers or email addresses they contacted you from, any URLs they wanted you to go to, what information they wanted you to send or how they wanted you to pay – even if the information is likely to be fake, it’s all helpful. Save it somewhere safe, because the next step is reporting it to law enforcement. If you have run into an Amazon Prime scam, whether or not you clicked on anything, sent money, or gave your information, it’s good to report it. This helps law enforcement track, catch, and prosecute scammers, and it helps Amazon learn what scammers are up to and create methods to prevent them. The WhatIsMyIPAddress.com Scam Report Preparation Guide can help you get prepared to make your report. Once you’re ready, report it with as much detail as you can. We recommend reporting to the following places: Report with as much details as you can. Amazon often doesn’t respond to reports directly, and government agencies may investigate for years before they make a move. So don’t worry if you don’t hear anything immediately. Save all your evidence somewhere safe in case law enforcement needs it to prosecute the scammers, and know that your report is helping fight scams for everyone.