Amazon scams flooding your SMS and email (consumer advice)

Amazon scams have reached new highs with the company the target of the latest wave of AI scams. It is a Prime target (pun intended), as 7.9 million Australians now shop at least once a year or have a Prime+ subscription.

Interestingly, it is the only online brand (excluding Chinese-controlled data harvesters Temu – more Chinese spyware – the catch in cheap online shopping and Shein – more Chinese spyware – fast fashion at the expense of privacy to grow market share in 2023-24 by a massive 16%.

Its breadth of goods and services is now the fertile field that AI ploughs. As a Prime+ member, we now receive between 5 and 10 scam SMS and emails a week. That is up from almost none until the end of July.

The scams are all similar in execution. They involve an SMS or email from Amazon spoofing its legitimate SMS or email address. The scam makes a claim that requires you to verify—if you don’t, you will be billed. The Prime scam involves a notice that your membership has expired and you need to renew.

They offer a web link or an 1800 phone number to verify the issue. Both of these land you on an AI-generated Amazon page or auto-answer that experts would be hard-pressed to tell the difference from the real thing.

The stick-and-carrot appeal – do something now

The stick is that you must log in with your membership details and password. The carrot is that it will stop the issue.

You must verify your account with your mobile number to get a verification code to stop the transaction. With this information, scammers can take over your account to buy goods. There is a high likelihood that you have reused a password, and AI can use it to breach other accounts.

Or worse, you provide your credit card details to renew Prime. That is all they need to empty your credit card limit.

See the ‘urgency appeal’ below – you have 2 minutes 51 seconds…

The most common Amazon scams

There are dozens of scams, but the predominate SMS or email scams include:

  • Unauthorised purchase – verify or be charged
  • Unusual activity on your account has resulted in a block until you check it.
  • You have won a prize or mystery box
  • You are entitled to a refund
  • Receive free goods to write a review
  • Fake tech support involving downloading an app to fix things
  • Prime Membership
  • Fake Prime Video authorisation site
  • Gift card purchase
  • One Time code
  • Track your order
  • Message from Amazon delivery driver – can’t find you
  • Non-delivery
Forgot password is a scam that allows scammers to get into your account.
Amazon scams
Amazon scams

How to handle Amazon scams

Amazon will never ask you to disclose your password or verify sensitive personal information over text, email, or any website other than the legitimate country site, e.g., Amazon https://www.amazon.com.au/.

Go directly to the site and log in. Under Your account, go to Message Centre, where you will see a list of all legitimate messages sent from Amazon to you.

Amazon says this tsunami of AI-driven scams is more effective than ever because of its penetration in the Australian market. It updates details monthly on trustworthy shopping.  

  • Trust Amazon-owned channels: Always use the Amazon mobile app or website for customer service, tech support, or to make changes to your account.
  • Be wary of false urgency: Scammers try to create a sense of urgency to persuade you to do what they’re asking. Be wary whenever someone tries to convince you that you must act now.
  • Never pay over the phone: Amazon will never ask you to provide payment information, including gift cards (or “verification cards,” as some scammers call them) for products or services.
  • Verify links first: Review the link for misspellings or repeated characters. Legitimate Amazon websites contain “amazon.com.” When seeking help with Amazon devices/services, orders, or to make changes to your account, go directly to our website.
  • Verify email senders: Review email senders before clicking on email attachments. Legitimate Amazon emails contain “@amazon.com.” In your web browser, hover over the display name under “From” to see the full sender address. Look for misspellings or added or substituted characters.
  • Report any suspicious activity.  

CyberShack information on recent scams, including new and dangerously successful AI scams, is here.

We are hearing of similar increases in activity from major retailers like JB Hi-Fi, Harvey Norman, Myer, etc., mainly about a problem or recall of a previous purchase.

Previous Post
Next Post