A new phishing scam threatens Amazon.com shoppers in an attempt to steal credit card information, according to criminal investigators.
The Criminal Investigation Command at U.S. Army Garrison Bavaria in Grafenwoehr report of a phishing scam disguised as an email sent to Amazon customers with the subject line “Your Amazon.com order cannot be shipped.”
The email claims a problem occurred processing an order. A ‘click here’ link is added leading the customer to an authentic-looking page to confirm the name, address and credit card information (including expiration and CVV security code).
Incidents have been reported in Australia and the United Kingdom, but the phishing scam is expected to continue and grow.
To make the website appear even more authentic, the customer is automatically redirected to the actual Amazon website after hitting the “Save & Continue” button, not realizing personal information was provided to cyber criminals.
The email contains several grammar errors.
If you receive an email that makes you suspicious, Amazon recommends taking the following steps:
1. Check who the email is from. If the sender does not use a “@amazon.com” email address, it is fake.
2. Visit the “Your Orders” page of your Amazon account to determine if any of your recent orders have fulfillment, billing or shipping issues.
3. Visit “Your Account” to check your payment options. Amazon has informed its customers that if you are not prompted to update your billing info on your account’s “Manage Payment Options” page, the email you received is not from Amazon.
4. Report the issue to firstname.lastname@example.org and attach the suspicious email. Amazon doesn’t respond to these emails, but the company does investigate potential issues.
CID encourages everyone in the community to be cautious when receiving emails that are not common or that are from a company or organization you do not recognize. Do not click on an embedded link. Instead, go directly to their website.
Be suspicious of emails that contain numerous grammar mistakes.