Has Amazon contacted you to confirm a recent purchase you didn’t make or to tell you that your account has been hacked? According to the FTC, since July 2020, about one in three people who have reported a business impersonator scam say the scammer pretended to be Amazon.

These scams can look a few different ways. In one version, scammers offer to “refund” you for an unauthorized purchase but “accidentally transfer” more than promised. They then ask you to send back the difference. What really happens? The scammer moves your own money from one of your bank accounts to the other (like your Savings to Checkings, or vice versa) to make it look like you were refunded. Any money you send back to “Amazon” is your money (not an overpayment) — and as soon as you send it out of your account, it becomes theirs. In another version of the scam, you’re told that hackers have gotten access to your account — and the only way to supposedly protect it is to buy gift cards and share the gift card number and PIN on the back. Once that information is theirs, the money is, too.

Here are some ways to avoid an Amazon impersonator scam:

• Never call back an unknown number. Use the information on Amazon’s website and not a number listed in an unexpected email or text.
• Don’t pay for anything with a gift card. Gift cards are for gifts. If anyone asks you to pay with a gift card – or buy gift cards for anything other than a gift, it’s a scam.
• Don’t give remote access to someone who contacts you unexpectedly. This gives scammers easy access to your personal and financial information—like access to your bank accounts.

Have you spotted this scam? Report it at ReportFraud.ftc.gov.

Additional Information About Emails, Text Messages, and Webpages from Amazon

Suspicious or fraudulent emails, text messages, or webpages not from Amazon.com may contain:

• Links to websites that look like Amazon.com, but aren’t Amazon.Note: Legitimate Amazon websites have a dot before “amazon.com” such as http://”something”.amazon.com. For example, Amazon Pay website is https://pay.amazon.com/. Amazon will never send emails with links to an IP address (string of numbers), such as http://123.456.789.123/amazon.com/. If the link takes you to a site that is not a legitimate amazon domain, then it is likely phishing.

• An order confirmation for an item you didn’t purchase or an attachment to an order confirmation.Note: Go to Your Orders to see if there is an order that matches the details in the correspondence. If it doesn’t match an order in Your Account in Amazon.com, or in another Amazon international website, the message isn’t from Amazon.

• Requests to update payment information that are not linked to an Amazon order you placed or an Amazon service you subscribed to.Note: Go to Your Orders. If you aren’t prompted to update your payment method on that screen, the message isn’t from Amazon.
• Attachments or prompts to install software on your device.
• Typos or grammatical errors.
• Forged email addresses to make it look like the email is coming from Amazon.com.
• While some departments at Amazon will make outbound calls to customers, Amazon will never ask you to disclose or verify sensitive personal information, or offer you a refund you do not expect.

Sources:
Amazon.com
ftc.gov