
200 million Prime customers are vulnerable to scammers, says Amazon


There’s a new scam on the block, and this time it’s Amazon being targeted. The e-commerce giant is sending out an alert to 200 million customers warning them against scammers who are impersonating Amazon in a Prime membership scam.

As reported by Malwarebytes, the company sent out an email alerting customers that “scammers are sending fake emails claiming your Amazon Prime subscription will automatically renew at an unexpected price.” The scammers also include personal information in the emails collected from other sources to appear more legitimate. There’s even a cancel subscription button that leads to a fake Amazon login page if the recipient decides to cancel their Prime subscription instead.

This is a win-win situation for the scammer as long as you interact with the email. If someone sees the email and goes along with the instructions provided, the scammers get away with selling a fake Prime membership at an inflated price. If they decide to cancel instead, the fake login page can phish the user’s Amazon credentials, giving the scammers access to their Amazon account.


The fake site can also request payment information and other personal details not accessible via an Amazon account and send them back to the scammers. This information can then be sold on dark web hacking forums to make even more money from each victim.

With a customer base as wide and diverse as Amazon’s, the scam can be run year-round, with targets shifting between countries and regions. Amazon’s staff has had to deal with cases including fake messages about Prime membership renewals, fake refund offers, and users getting calls or messages claiming their Amazon accounts have been hacked.

The best way to avoid falling for such scams is to always verify the sender of an email before interacting with it. Hackers and scammers often use typosquatting to make fake email addresses resemble legitimate ones, but if you look closely enough, you’ll be able to tell the difference. The email headers will also differ between a scam and a legitimate message from Amazon, so be sure to check them if the email address seems fishy. Additionally, setting up two-factor authentication protects you against phishing attacks.
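The sender and header checks described above can be automated. The Python sketch below is an added example, not code from Amazon or Malwarebytes: it flags a lookalike sender domain, failed SPF/DKIM/DMARC results and a mismatched Reply-To. The `TRUSTED` list, the function names and both sample messages are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

TRUSTED = {"amazon.com"}  # assumption: sender domains you accept as genuine

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (typosquatted) names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(addr):
    """Naive registrable domain (last two labels); real code needs the Public Suffix List."""
    return ".".join(addr.rpartition("@")[2].lower().rstrip(".").split(".")[-2:])

def check_sender(raw):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_string(raw)
    domain = registrable(parseaddr(msg.get("From", ""))[1])
    findings = []
    if domain not in TRUSTED:
        label = domain.split(".")[0]
        near = [t for t in sorted(TRUSTED) if edit_distance(label, t.split(".")[0]) <= 2]
        findings.append(f"lookalike of {near[0]}" if near else "untrusted sender domain")
    # Only trust Authentication-Results stamped by your own receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1).lower() != "pass":
            findings.append(f"{mech} not pass")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and registrable(reply) != domain:
        findings.append("reply-to domain differs from sender")
    return findings

# Constructed sample headers (not real Amazon or scam mail).
SCAM = ('From: "Amazon Prime" <billing@amaz0n.example>\n'
        'Reply-To: support@prime-renewals.example\n'
        'Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail\n')
LEGIT = ('From: "Amazon.com" <account-update@amazon.com>\n'
         'Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n')
```

The display name ("Amazon Prime") plays no part in the verdict, because the sender sets it freely; only the address domain and the authentication results are checked.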


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
