The largest e-Commerce and Marketplace website in the West -in the East is AliExpress-, Amazon has more than 6.5 million users in Spain alone, which makes it a perfect magnet for cybercriminals who use this service as bait given the huge number of potential victims they have.
But be careful if you have an Amazon account, because the PandaLabs team, the Panda Security Laboratory, has detected various phishing techniques in which scammers impersonate the popular marketplace to get either your account or your bank details directly.
Steal your Amazon account
One of the best known, the mail with a false purchase order has been used for a long time, and it works like this: Through an email, whose sender is not Amazon and can use names such as:
- customer service
Scammers pretend to be on the Marketplace warning about a purchase made.
According to Panda, “visually it is similar to Amazon communications, only that in this case invites the victim to access a link to verify their account in the event that you have not made such a purchase. The trick is that the URL redirects the user to a fake website whose only function is to get the email and password for their account ”.
The great alternative offers or gift card scam is based on the same principle of a fraudulent URL. “The common denominator is to send a hook email with discounts or gifts”, and incite the victim to verify their account on a website designed by cybercriminals or to finalize a purchase from a platform external to Amazon. With this, they already have your data
Steal your bank details
Another phishing scam consists of not to steal your account, but to get hold of your bank details directly. The first warning sign is to receive an email from Amazon in which you are notified of an unauthorized purchase or invites you to have a favorable treatment from the company. In this case, “cybercriminals invite the victim to create an account in Amazon Business, a type of account that instead of offering domestic benefits such as Prime, is aimed at companies.”
The trick is as follows, to ‘offer you a 25% discount code on the first purchase’, lCyber scammers claim to need to confirm your Amazon account. That is, that you provide them with the access data (email and password) to verify your account.
In addition, they add that in a period of up to 48 hours, they will send the discount code. “When the most probable thing is that in that time, they have taken the opportunity to make a multitude of purchases supplanting the identity of the legitimate owner of the account “, apunta Hervé Lambert, Global Consumer Operations Manager de Panda Security.
In fact, the key to marking that 48-hour period seems to be adjusted to the one-day shipping service that the Marketplace has. In this way, as far as the victim is aware that they have been scammed, cybercriminals will have had enough time to collect the packages.
How to avoid the scams and phishing that emulate being Amazon
PandaLabs takes the opportunity to give us several tips to avoid precisely being a victim not only of this phishing scam attempt, but of others:
- Look closely at the email you have received. Although company logos appear, they tend to ignore any reference to the company’s corporate information. Likewise, there are no links to unsubscribe from this type of communication, as required by the European regulations of the General Data Protection Regulation.
- Check in the mailbox for other types of communications from the same company, to compare sender and scheme.
- If you suspect that you have been the victim of any of these scams, contact the company through any of its official channels to verify if the communication you received is legitimate. Although as the first action, this being the most urgent, cchange account password if you have entered some strange web page.
- Do not provide your Amazon email and password to any user do not enter them on any page other than the official one. To distinguish between them, look for the closed padlock at the beginning of the URL.
- A legitimate seller of the platform it will never redirect you off the website.
- Also do not perform no payment to claim prize or lotteries or because you are going to be rewarded with a gift card.
- You are suspicious if an alleged seller demands the sending of money in cash or by platforms such as Bizum or PayPal, since any transaction that occurs outside the platform will lack guarantees regarding the return of the money.
- Do not respond to emails that request your information to verify your account or your bank details. Amazon will never ask you for personal information.
- Install a antivirus o antimalware and keep them updated.
- Keep your operating system updated and with the necessary security accessories up to date.