Don’t get caught by an Amazon.com phishing scam!

ID-10067364A consumer I know just got extremely lucky after opening an e-mail that she thought was from Amazon.com. It turned out to be part of a phishing scam designed to hack into her account.

She has a Kindle and has been doing a little business with Amazon lately. So when she noticed an email in her spam filter asking her to verify a purchase she knew she never made, she got alarmed and opened it.

She clicked a link in the email and was about to enter her Amazon password, but couldn’t remember it and couldn’t find the piece of paper where she jotted it down. So, she went into Amazon and got a new password–and found out there had been no unauthorized transactions on her account. Then she got suspicious of the email and decided not to enter her new password and make a few phone calls. Thank goodness!

All of that was stroke of luck number one. The other lucky break was that she’s using a Linux system on her computer, which has a very low risk (not quite zero, but close) of catching viruses.

If she’d given the scammers access to her Amazon account that could’ve been bad. They’d have her credit card number and all sorts of personal information.

This is a pretty common phishing scam. It can happen with other sites, but Amazon is very popular. (She asked, “How did they know I had an Amazon account?” My answer: “Everyone does.”)

Bottom line: If you are at all suspicious that an email might not be from the source it claims to be, DO NOT click the link in the email. Go directly to the site, such as Amazon.com, and enter your password there. Clicking the link in the email could infect your computer with malware even if you don’t enter any information.

Amazon has some advice if you think you might’ve been tricked by a phishing email. The advice could apply to other online shopping sites as well.

  • If you think you’ve entered your password on a malicious website, change your password for the real site immediately.
  • If you entered credit card information on a malicious site or sent the information in a reply email, immediately contact your credit card company and update your credit card information with the online retailer afterward.
  • If you don’t already have one, install a good anti-virus program and run a full scan on your computer to catch any malware that may have been downloaded.
This entry was posted in Scams, Technology, Top Tips and tagged , , , , . Bookmark the permalink.