Phishing attempts are getting more advanced, with hackers and cybercriminals making their ploys so believable that even the most cautious are getting scammed.
One of the latest schemes is to send an SMS text message to people’s phones pretending to be a bank or a company in order to trick people into sharing their personal data. Amazon seems to be the latest corporate patsy.
According to data from the FTC, one in five consumers from July 2021 through June 2022 who reported a scam with hackers impersonating a business said that the business being used was Amazon.
How do hackers use SMS messages to steal data?
The premise is simple — hackers will send users text messages pretending to be Amazon representatives asking for a variety of different things, including fake reports of suspicious activity on one’s account or fake information about shipping delays or package arrivals.
Oftentimes, hackers will include a hyperlink in the message which will usually deploy some sort of malware onto the device that will unleash some sort of virus.
Other times, the “representative” will ask for information such as login and password or credit card information by using false claims that there is something wrong with the account, that the payment didn’t go through, or even send a link to a fake delivery notification.
The scammers often make their claims very specific which can make them more difficult to spot at first glance.
What are some of the signs you’re being scammed?
The FTC says that legitimate companies like Amazon wouldn’t ask for your personal or account information over a text message.
Links that you weren’t expecting or any unexpected texts that are asking you to disclose any sort of personal information are also red flags.
Other common scam signs are being told that you’ve won a free prize or gift card, offers of low or no interest credit cards, and being sent a fake invoice and asking you to contact them if you don’t authorize the purchase.
What can you do to prevent being scammed?
If you think you’re being scammed by someone pretending to be Amazon, there are a few things to check for.
If the text message includes a link that says “Amazon” in the URL, note the placement of the word. For example, the link itself should have a word before the ‘Amazon’ portion of the link, such as “shop.Amazon.com” or “explore.Amazon.com“.
“We’ll never send emails with links to an IP address (string of numbers), such as http://123.456.789.123/amazon.com/. If the link takes you to a site that is not a legitimate amazon domain, then it is likely phishing,” Amazon’s website reads.
If the message asks you to update your payment information, go to Amazon.com and log into your account. If you aren’t prompted to update your info there, it’s probably fake.
Anything with typos or grammatical errors is also likely spam, as are order confirmations for items that you didn’t order.
Amazon maintains that customers shouldn’t open any links or attachments if they have an inkling that something suspicious is going on.
Customers can also visit here to report any suspicious activity or phishing attempts.