SEATTLE - Amazon customers are being warned about a phishing scam that might be easy to fall for, especially if shoppers have been actively buying gifts on its site for the holidays.
The scheme is designed to obtain sensitive personal information, including a customer’s Amazon login and password, so swindlers can charge things to their account.
In the scam, customers receive an email containing an order confirmation for an item they didn’t purchase — and usually for a large amount of money, according to WCPO-TV. Because the customer will likely want to get in touch about the item they didn’t order, the email contains a prominent 1-800 number to call.
A file image shows an employee at an Amazon distribution center on Dec. 17, 2019. (Photo by INA FASSBENDER/AFP via Getty Images)
One Amazon customer, Lisa Wang, told the station that she received an unusual email stating she had a shipment coming for an order totaling more than $6,000. She called the provided number to report the mistake, and said a man who answered started asking to confirm her information and asked for her Amazon password.
"They wanted me to call because there's a 1-800 number right up front," Wang told WCPO. "It looked real."
But Wang said she soon realized something was not right.
"I heard in the background some non-English conversation behind it; that was not professional," Wang told the station.
On its website, Amazon warns customers about suspicious correspondence, including emails and phone calls.
“Amazon will never send you an unsolicited email that asks you to provide sensitive personal information like your social security number, tax ID, bank account number, credit card information, ID questions like your mother's maiden name or your password,” the company states.
“If you receive a suspicious email, report it immediately.”
Some red flags of an Amazon phishing scam include requests for your Amazon username and password, an order confirmation for an item you didn't purchase or an attachment to an order confirmation, requests to update payment information, links to websites that look like Amazon but aren't, forged email addresses that make it look like the email is coming from Amazon.com, and typos or grammatical errors, the company says.
This story was reported from Cincinnati.