Amazon Customers Receive Smishing Warning After Receiving Fake Texts

Amazon users are being warned about a new text message scam, according to a conversation between consumer rights website Which? and the tech giant.

"Scammers that attempt to impersonate Amazon put our customers and our brand at risk," the company said. "Although these scams take place outside our store, we will continue to invest in protecting customers and educating the public on scam avoidance."

The phishing attempts involved users clicking on a fake login notification link, which would, in turn, lead them to a fraudulent webpage set up to steal names, dates of birth, mobile numbers, home addresses and email addresses. 

"We encourage customers to report suspected scams to us so that we can protect their accounts and refer bad actors to law enforcement to help keep consumers safe," Amazon reportedly told Which? "Please visit our help pages to find additional information on how to identify scams and report them."

Following the disclosure, Which? said it has reported the fake URLs to the National Cyber Security Centre (NCSC). Still, according to Jake Moore, global cybersecurity advisor at ESET, scams like these are bound to continue.

"As Amazon is one of the biggest shopping sites in the world, criminals inevitably target people, whether they think they are a customer or not, with blanket texts to any numbers they can get their hands on."

According to the executive, text message scams are still rising due to the limited checks to verify communications. It can also be straightforward to manipulate people into carrying out any given instructions. 

"Following links from text messages may take you to a familiar-looking site, but like any good smishing text, the site will look authentic," Moore told Infosecurity.

To tackle these dangers, the security expert said people must always err on the side of caution by ignoring texts and instead favoring the app installed on their phone or visiting a genuine website to check their account. 

"Handing over credentials such as bank details or account passwords may leave customers out of pocket and with few rights to get their money back," Moore concluded.

The smishing attempts targeting Amazon customers come months after Cisco Talos revealed a hacking campaign deploying various malware tools via fake Amazon gift cards.

What’s Hot on Infosecurity Magazine?