How to Spot and Avoid Amazon Scams Like a Pro
Learn the different types of Amazon scams and how you can easily spot an Amazon scam. Get the ultimate guide on how to avoid being a victim of an Amazon scam.
Image by Adobe Stock
Amazon Scams - The Big Target
Amazon has grown up to be one of the most used Ecommerce platforms, not only in the US but around the world. According to Investing.com, Amazon had 300 million active users as of 2022. Amazon products are shipped to over 100 countries worldwide, with 22 countries enjoying Amazon Prime membership. Of the prime members, 157.4 million are from the United States. From these statistics, Amazon is indeed a household name, one that is recognized by anyone in the developed countries, and a majority in the developing countries.
As a frequent Amazon user, you've probably shopped on Amazon in the last 7 days. Chances are you are awaiting a package from Amazon today or tomorrow. According to Statista, as of April 2023, there were 61.8 million unique users on Amazon each day. It is expected that Amazon will ship out 10 million packages per day in the US in 2023. Further, there are 375,000, 300,000, and 500,000 Amazon users from Canada, Australia, and the UK each day. These are huge numbers that scammers and hackers are aware of, and each of these users becomes a target and a potential victim.
This recognition has been a vulnerability that is frequently exploited by malicious actors, in an attempt to scam Amazon customers. In what has become known as Amazon scams, scammers are targeting Amazon clients through fraudulent activities to exploit the users' trust in the E-Commerce giant for financial gain, identity fraud, and other cybercrimes. In this article, we cover the most common Amazon scams, how they are conducted, what is often the aim of each scam tactic, and how you, as a legitimate Amazon user, can avoid becoming a victim of the Amazon scams.
A. The Amazon Refund Scam
This is perhaps one of the most popular Amazon scams today. The scammers use a deceptive scheme where they send phishing emails to users, impersonating an Amazon representative or the Amazon system itself. The refund scam is often applied in several different tactics. Let us look at the most common:
Scam 1: Double charged on your last order
From the significant number of packages shipped out daily by Amazon, scammers have a large pool of users to target with this refund scam. These malicious actors send out millions of phishing scams designed to appear as if they have originated from Amazon itself. The illegitimate emails appear as shown:
Due to a system error, you were double charged for your last order, A refund process was initiated but could not be completed due to errors in your billing information. You are required to provide us with a valid billing address Click here to Update your address After your information has been validated you should get your refund within 3 business days
When you receive such an email with a package en route, you will be disturbed by the possibility of such an occurrence. You will definitely be anxious if you placed a huge order and haven't checked your finance accounts since placing your order. In phishing scams and attacks, this is known as the bait. Information targeted at getting a user in a panic mode, where they can let their guard down. And in this case, many targeted users become victims once they click the link provided in the email.
The link redirects users to an illegitimate phishing website that is designed to mimic the real Amazon E-commerce website from the images to the fonts, and general styling. If you visit the illegal site, you will be presented with the 'Amazon' login page. In phishing attacks and scams, this is the hook. If you enter your details, since the website is fake, the login will fail to authenticate. Once you submit your authentication details, you are a victim of the refund scam, and the phishing scammers have the catch.
Once you submit your Amazon login information on the fake website, the phishing scammers swiftly move to the real Amazon platform to try and login in. If you have a 2-factor authentication enabled, the login will fail and the scammers will not gain access to your account and the information contained in it.
If you have not set a multi-factor authentication on Amazon, the phishing scammers will have full access to your account. In addition to your login information, they will have access to your personally identifiable information (PII) such as full name, address, phone number, purchase history, and payment information such as credit card details (card number, expiry date, and the CVV).
Scam 2: An order confirmation email
In this refund scam, scammers design and send emails containing information that an order has been successfully placed and is ready to be shipped. Some emails contain a record with the item picture description, and price as a link, which redirects to a real item on the legitimate Amazon website. Usually, scammers use items with high prices, from hundreds to thousands of dollars. An example of such an email notification is shown below:
Hi, this is a confirmation email for the item(s) that you have placed with us. Your item(s) are ready to be shipped. Estimated date is shown below. ID: AZD03-88557105 placed on April 1, 2023. Thank you for shopping with us. If there is a problem with this order, call 885 212 0022.
Once a targeted user sees that they have been charged $699 for a package they did not order, they often become anxious and scammers are waiting for the panic to set in and the user to take action. In the above phishing scam, malicious users have included a phone number, which users will be inclined to call since there is an issue with that order; they did not make it. Once a user makes the call, they are in the hook phase of the phishing scam and the attackers claim that they are within Amazon's refund department or the tech support department. The scam evolves from an email phishing scam to a vishing scam.
The scammers on the other end will then use the phone conversation to attempt and get more information from the user such as full name and address. By calling them, the user has already submitted their phone number. Once the scammer has hooked the user with assurances that the order will be cancelled and the 'customer refunded their full amount', the refund scam deepens and the user is requested to provide their card information. If the user continues to corporate the scammers can branch to more complex scams on the same user, within the same conversation.
B. Amazon Typosquatting Scams
Typosquatting involves the registration of a domain closely matching a legitimate website's name or domain, in this case, Amazon. The real Amazon website is ; however, scammers and hackers typosquat the domain to redirect unsuspecting users to illegitimate websites and dupe them into submitting their details. Typosquatting attackers do not stop at registering similar names to Amazon, they design and develop a website mimicking the real Amazon website in terms of styles, including font size, color, elements and their arrangements, images, and more. The attackers make a duplicate copy of the real website such that a user will not tell it's a fake website at first glance, or the second.
Once the fake website is registered, designed, and deployed, attackers have different ways of luring unsuspecting users to the illegitimate website:
1. Scammers lie and wait for users to accidentally type in the typosquatting domain in their browsers' URL box. For instance, instead of typing amazon.com, an unsuspecting user may type . If an attacker has the domain registered and mimics the real site, a user might not realize his or her mistake until later on or at all.
2. Scammers launch millions of phishing emails to bait users into visiting a fake website. Attackers can register the domain and use the email address to send phishing emails to targeted users.
3. Typosquatting attackers can register the and use social media to promote competitions, surveys, and promotions designed to appear to originate from the real Amazon platform. Further, attackers using the typosquatting tactic can lure job seekers to visit the typosquatting domains to apply for non-existent jobs at Amazon. Attackers can use this scamming strategy to gather unsuspecting users' data to use in more complex scams or cyber attacks such as malware distribution.
Several typosquatting attacks have been targeted at the Amazon domain and its users. The most common ones are:
amazom.com: Attackers swap the 'n' in Amazon to 'm'
amzon.com: Attackers register domains missing the second 'a' from Amazon.
amazoon.com: Attackers register a domain with 'oo' in the name
wwwamazon.com: The domain name is registered as wwwamazon where the ' . ' (dot) is omitted after www. When users mistype the domain by failing to type in the ' . ' (dot), they get redirected to the fake website.
What Phishing scammers target in Amazon Phishing Scams
The Amazon scams are elaborate - well-designed and executed. Scammers exploit different vulnerabilities using different tactics to target genuine Amazon customers. Once a targeted user becomes a victim, the scammers fetch as much information as possible from the users and even trick users into sending more in the more complex phishing/vishing scams.
Once a user submits their information, the scammers can save this information to use later in other versions of the scams or other scams entirely. Further, scammers give this information to other scammers and cyber hackers for financial gain or in exchange for the other group's victims list. Therefore, if you have been a victim of a scam, it is likely that the same scammers or others will target you again and again.
How to protect yourself from Amazon Phishing Scams
Amazon scams, just like other phishing scams, use social engineering to exploit vulnerabilities in human nature. Therefore, by learning how to respond to a scammer's bait, you can protect yourself from becoming another statistic in Amazon's victim pool.
Here are the best practices for dealing with Amazon phishing attempts:
Do not click any links or download attachments on suspicious emails: In our article on identifying suspicious emails, we described how you can easily spot a phishing email. Phishing emails are all designed the same, whether they are designed to appear to originate from Amazon, Paypal, eBay, Apple, or Facebook. Until you verify that an email is legitimately from Amazon, do not click any link contained in the email. To visit the Amazon store, simply search for Amazon on your browser to navigate to the legitimate website and check the activity on your account.
Do not reply to the email: As a general rule in phishing protection, do not reply to any email until you validate the sender. Corresponding with a scammer can put you in a position of becoming a victim in current or future scams.
Do not dial numbers contained in emails: As a user, avoid calling the numbers contained in emails appearing to be from Amazon. If an email is suspicious, navigate to the legitimate Amazon platform and contact the customer case for assistance.
Enable 2-Factor Authentication (2FA) on Amazon: If you haven't already, set a 2FA on your Amazon account to add an extra layer of account. 2FA ensures that scammers and hackers will not access your account without a verification code sent to your email or via text upon login.
Keep track of your Amazon purchases: Ensure you are constantly aware of any purchases on your Amazon account. This will make you suspicious of any email notification about a purchase or a double charge.
Report all suspicious emails, calls, and messages: If you suspect you have become a victim of an Amazon scam, report it to customer support immediately.
Use Bookmarks: Bookmark the real Amazon website in your browser to avoid typing in the URL each time you want to visit the website. This ensures that you do not accidentally visit any typosquatting domains.
Be cautious: Be suspicious of social media posts that promote any Amazon competitions, jobs, promotions, or surveys. Do not click any links in these posts.
Be aware of the latest Amazon scams: Stay informed about the latest and trending phishing scams and attackers targeted at Amazon customers. Regularly check the official Amazon website and communication channels to learn about the current threats aimed at unsuspecting shoppers on the Amazon platform.
