Internet Scams and Phishing

We know that you try to protect yourself from fraud on the internet. The information that follows is designed to help you identify and avoid internet scams and phishing attempts.

Be wary of internet scams

• Payment requests for Gift Card claim codes — Do not provide any Gift Card claim code by phone, text, or email as a form of payment to a third-party merchant. To learn more, see Common Gift Card Scams.
• Payments that are made off the merchant site — Do not complete any payment for a purchase that directs you away from the merchant site.
• Payments to guarantee the transaction — Do not share Gift Card claim codes or send money — by cash, wire transfer, Western Union, PayPal, MoneyGram or other means, including by Amazon Pay — to a merchant who claims that they will guarantee the transaction, refund your funds if you are not satisfied with the purchase, or hold your funds in escrow.
• Payments to receive a large amount of money — Do not make a payment to claim lottery or prize winnings, or on a promise of receiving a large amount of money.
• Payments to guarantee a credit card or loan — Do not make a payment because you are “guaranteed” a credit card or loan.
• Offers that seem too good to be true — Do not respond to an internet ad or phone offer for an item that is priced far below market value and that the seller claims a need to sell quickly.
• Payments to someone whose identity you can’t confirm — Do not make a payment to someone you don’t know or whose identity you can’t verify.

When in doubt, ask the intended recipient for more information about the purpose and safety of the requested payment. Do not send the payment until you are comfortable with the transaction.

Identifying phishing or spoofed emails

From time to time you might receive emails that look like they come from a reputable merchant or a colleague, but they are falsified. These emails might direct you to a website that looks similar to the actual website. You might even be asked to provide account information like your email address and password combination.

These false websites can steal your sensitive login or payment information, which is then used to commit fraud. Some phishing messages contain potential viruses or malware that can detect passwords or sensitive data. We recommend that you install an anti-virus program and keep it updated at all times.

Here are some key points related to fraudulent emails:

1. Know what your merchant will not ask you to provide in an email
   Your merchant (bank, credit card company etc) might sometimes need to ask you for important information, but you will always be directed to provide this information through the actual website.
   You should not provide personal information like the following in an email:
   • Your full or partial social security number or tax identification number
   • Your date of birth
   • Your credit card number, PIN, or credit card security code (including “updates” to any of the above)
2. Be wary of attachments in suspicious emails
   We recommend that you do not open any email attachments from suspicious or unknown sources. Email attachments can contain viruses that can infect your computer when the attachment is opened or accessed. If you receive a suspicious email purportedly sent from your merchant and that email contains an attachment, we recommend that you delete the email — do not open the attachment.
3. Look for grammatical or typographical errors
   Be on the lookout for poor grammar or typographical errors. Some phishing emails are translated from other languages or are sent without being proofread and, as a result, contain bad grammar or typographical errors.
4. Check the return address
   Is the email from your merchant/bank? While phishers can send forged email to make it look like it came from them, you can sometimes determine whether or not it’s authentic by checking the return address. If the “from” line of the email looks like “[email protected]” or “[email protected]” or contains the name of another internet service provider, you can be sure it is a fraudulent email.
5. Check the website address:
   
   • Sometimes the link included in spoofed emails looks like a genuine addresses. You can check where it actually points to by pointing to the link; the actual website to which it points will be shown in the status bar at the bottom of your browser window or as a pop-up.
   • For example, variant domains such as “http://security-payments-amazon.com/…” or an IP address (string of numbers) followed by directories such as “http://123.456.789.123/pay.amazon.com/…” are not valid Amazon Pay websites.
   • Alternately, sometimes the spoofed email is set up so that you are taken to the fraudulent website if you click any of the text. Your vendor will never sends an email that does this. If you accidentally click such an email and go to a spoofed website, do not enter any information. Instead, just close that browser window.
6. If an email looks suspicious, go directly to the website
   When in doubt, do not click the link included in an email. Go directly to the website yourself by typing it in the browser window – such as www.americanexpress.com, and then sign in to your account to review recent purchases or your account information. If you cannot access your account or if you see anything suspicious, let us know right away.
7. Protect your account information
   If you did click through from a spoofed or suspicious email and you entered your account information, you should immediately update your password and let us know. If you submitted credit card info you should contact your bank.

Reporting phishing emails

If you have received an email that you know is a forgery, or if you think you have been a victim of a phishing attack and you are concerned about your Amazon.com account, please let us know right away