Contents:
The holidays are coming up, and it’s a busy time for cybercriminals who are looking to empty your bank account.
Amazon has warned UK shoppers that text messages are being used to scam them. They’ve been increasing in frequency as the Christmas season approaches, and this is the busiest time of year for retailers and cybercriminals alike.
One of the most popular holiday seasons scams is SMS phishing – also known as “smishing.” The premise is simple: attack stressed-out shoppers trying to get last-minute gifts for loved ones.
Victims of this scam would get an email from Amazon that typically stated there was a security issue and urged them to click on a bogus link within the message.
When the user clicks on a link, he’s taken to an Amazon-like website that scammers set up. The user is asked for his Amazon credentials and then sent a page requesting more info like name, address, phone number, and social security number.
Cybercriminals can use victims’ data from a phishing attack and log into their Amazon accounts. Once the cybercriminal is in, they can access private information that could lead to financial loss or identity theft.
One example of this is a message a British consumer rights group reported from Amazon, which read: “From Amazon – A new login has been attempted from IP address: 82.966.81.27 (Ipswich). If this was NOT you, secure your account immediately. [amazon-logins.com].”
There are two common text scams. In the first one, the person receiving the message could be told that they authorized a purchase with Amazon and are urged to call a number in the text message.
In the second one, scammers are impersonating Amazon customer service and would ask the victim to click on a link that gives them access to their device.
How to Stay Safe
Amazon says that “smishing” scams are becoming increasingly advanced. As such, it can be tough to trust what you receive from the company. Still, there are some simple tips for protecting yourself against the increasing number of scams.
One of the most important things to remember is never to take immediate action to any links or call any numbers in the text, no matter what. Scammers will push you to interact urgently – don’t do that.
You can tell a legitimate Amazon link from a scam because only reputable Amazon sellers use the following formats: amazon.com, amzn.to amzn.com — and for international sites, such as the UK, countries will be designated as amazon.co.uk; for France, it would be amazon.fr, and so on.
Emails from Amazon will never ask you for your personal information. It will never ask for a payment or offer a refund that you do not expect; it will never ask to make a payment outside of Amazon’s own website, and it will never ask for remote access to your device via an app.
The other thing you could do to stay safe from holiday scams this season is to use two-factor authentication.
Two-factor authentication can serve as an extra layer of security when you fall victim to a smishing attack and give away one of your passwords. In addition, biometric authentication uses fingerprint technology and facial recognition to validate your identity.
If you’re ever in doubt, log into your Amazon account from their official website or app. Then, if something goes wrong, you’ll be informed of the situation. Furthermore, if a scammer targets you, contact Amazon, and they’ll protect your account, monitor suspicious activity, and report scammers to the police.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.
Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.
