Cerberus IT Solutions Blog
Lessons Learned from Amazon’s Latest Scam Email Warning
If you are an Amazon Prime subscriber, chances are you received an email from the online marketplace warning users of scams that take advantage of offerings and brand recognition. We thought it would be interesting to look at the advice shared by this message to see if it matches up with our own recommended best practices.
What Does the Amazon Email Recommend?
This communication largely focused on scams related to Amazon’s brand services in some fashion. One example included in this communication includes “Prime membership scams” and “Account suspension/Deletion scams.”
The email stated that a Prime membership scam might include references to issues with membership in the program or further fees charged to the account in question. Victims might have to confirm or dispute a charge, and they might provide payment information to do so.
According to the official company email: “Amazon will never ask you to provide payment information for products or services over the phone.” If the company does require action, the user will be directed to visit the official website or application to check for legitimate communications made through their Message Center. They can then manage their account status in this way.
In relation to account suspension or deletion scams, the communication describes these messages as texts, emails, or phone calls that try to convince users that they must provide account access in the form of credentials or payment information.
Amazon’s official stance, as per the communication issued in the previously mentioned email, states that “Amazon will never ask you to disclose your password or verify sensitive information over the phone or on any website other than Amazon.com.” They request that individuals authenticate any such communication through their secure Message Center.
Some Other Amazon-Recommended Tips (Including Our Hot Takes)
Additionally, Amazon furthered their advice with the following, quoted directly from their message:
“1. Trust Amazon-owned channels.
Always go through the Amazon mobile app or website when seeking customer service, tech support, or when looking to make changes to your account.
2. Be wary of false urgency.
Scammers may try to create a sense of urgency to persuade you to do what they're asking. Be wary any time someone tries to convince you that you must act now.
3. Never pay over the phone.
Amazon will never ask you to provide payment information, including gift cards (or “verification cards,” as some scammers call them) for products or services over the phone.
4. Verify links first.
Legitimate Amazon websites contain "amazon.com" or "amazon.com/support." Go directly to our website when seeking help with Amazon devices/services, orders or to make changes to your account.”
These Measures Are Great Starts
In general, these tips are aligned with the best practices we espouse day after day. For reference, here is what we would recommend:
- When you respond to a message, always confirm that you are working with confirmed and official channels of communication outside of the specified message. You should never respond to any message you believe to be a phishing scam. Instead, manually go through the company’s website to find their official message center or the sender’s actual contact information. Reach out through secure, secondary methods when in doubt.
- Be skeptical of any urgent language used in messages, as this is indicative of a common phishing scam that tries to convince users that action is necessary, and necessary now. This is a farce, and it pushes users to take action before they can tell if it’s in their best interest.
- Not all over-the-phone payment requests are going to be fraudulent, but as far as official business is concerned, you can be sure that no self-respecting business is ever going to ask you to pay in gift cards—especially if the brands are in conflict.
- Avoid clicking on links in any email that you suspect is a scam. Instead, navigate to the official website through ordinary means, then proceed with your business as usual.
Don’t Limit Your Scam Knowledge to Amazon-Exclusive Issues
While it’s great to see Amazon remain proactive with informing its users about security best practices, we would like to take a moment to reinforce the fact that scams are not Amazon-exclusive. They will come at you from all angles, whether in your home life or your workplace. You’ll want to have various protections in place in addition to your security knowledge. That’s where we come in.
Cerberus IT Solutions can help to educate your employees while also working with your IT department to equip your business with the best security tools and measures on the market. To learn more, call us today at (361) 333-1123.