Any unsolicited SMS offering you a refund from Amazon should be deleted immediately. By clicking on the link, you could find yourself exposed to a phishing attack or malware that will steal your login credentials and empty your bank accounts.
How it works
Using the recognition and trust that consumers have developed toward credible brands such as Amazon, these scammers are sending SMS messages replicating legitimate notifications. One of the usual messages will state that you are being offered a refund for a specific amount, urging you to tap on the link to read further about it. These messages are usually random and sent off with a sense of urgency and panic designed to trigger you into fear or excitement and push you into action. However, the link does not lead to the official Amazon website but rather to a fraudulent site or causes harmful malware to download. Because most recipients have fallen for this trick, they are vulnerable to losing personal and financial information.
You can further fall victim to the scam when clicking the malicious link on the fake refund text that generally leads to a page set up to simulate an Amazon login page. This phishing page is made up for obtaining your Amazon account credentials, which can be your email and password, so the scammer can log on to your actual account with ease. Some of these fraudulent sites download the spyware, ransomware, or keyloggers onto your device.
These malicious programs operate silently, recording everything you type while stealing saved passwords or other sensitive information. With your account credentials, and potentially your saved payment information, compromised, attackers would then be able to place unauthorized orders in your name or simply withdraw money directly from your accounts using the provided banking information.
Why you are targeted
Amazon is the richest of all possible targets for cybercriminals due to its immense global customer base. These cybercriminals can afford to cast wide nets with over 300 million active users worldwide. Most users would instinctively trust communications that look like they are coming from a built-up name and brand like Amazon. This effectively lowers their barrier toward messages that would otherwise seem suspicious.
Further, the stolen credentials and payment information they bought sell well in underground marketplaces. This information fuels various types of identity theft, allows the attacker to conduct fraud, and later inspires more phishing campaigns aimed at the victim’s contacts.
Recognizing the red flags
An unexpected refund message must be given secondary scrutiny. Unless you have recently placed a return request or refund, an unsolicited refund notice should send alarm bells ringing. Real Amazon SMSs come from well-identified shortcodes or verified sender numbers, mostly labeled “AMAZON” or the like. On the other hand, fake texts mostly use strange 10-digit numbers or unfamiliar alphanumeric sender IDs.
URLs in scam messages rarely resemble the actual Amazon web address and most will have misspelled or odd domain extensions. Also, fraudulent messages usually show spelling mistakes, awkward grammar, or strange punctuation errors that are hardly present in any genuine professional communications from Amazon.
Verifying authentications from a safe distance
To verify an authentic refund notification, there should be no accessing of the link contained in the text message being called suspicious. What should be done instead is to manually open a new browser window or the official Amazon app and securely log in to the account. After log-in, review any recent orders and check the “Returns & Refunds” section for any transactions matching the amount specified in the text.
Authentic refund processes are usually accompanied by confirmation emails from Amazon, thereby you should check your email for such communications. If there is no matching activity in your account and no email confirmation for the refund notice, that message is most likely a phishing attempt.
Immediate steps if you clicked
If you’ve clicked the link in the text message or entered your login details on the counterfeit site, act quickly. The first step is to change your Amazon password. Any other online accounts that share a password or have similar passwords should be updated to make recovery harder. Setting two-factor authentication (2FA) on your Amazon account as well as the rest of your accounts will improve security, requiring some proof of verification with login.
You should also run a good antivirus/anti-malware scan on your device to root out any hidden threats that might have been installed. Above all, track your bank charge and credit card statement for any unauthorized transaction. If you do see any, make it a priority to notify your financial institutions so they can act fast and minimize losses.
How to avoid future SMS scams
In order to reduce the risk of falling for similar scams, use the spam filtering tools provided by virtually all smartphones and mobile carriers. Those filters can help identify and block suspicious or unwanted messages. Be particularly careful with any messages containing shortened URLs or links from unknown sources; URL expander services allow you to see what links are really directed to before providing the click.
Protecting your sibling or friend, especially if they are not aware of anything regarding online threats, will help shield them from phishing and related scams. Last, the recommendation will be to use password management software, letting you generate and store unique passwords for every account, which significantly decreases risk in the event of credentials leaking.
Reporting the scam
As soon as you get a scam text with its origins from Amazon, please make sure to report it. Forward the message to the spam-organizing number for your mobile carrier: usually 7726, which spells “SPAM.” Along with the sender’s phone number, also forward the spam text to Amazon at [email protected]. If you suspect that your financial or personal data has ever been compromised, alert your bank or credit card issuer immediately so that they can take protective measures to freeze your account or issue new cards.
Read more: Trump revamps tariff plan with new executive order raising tariffs on multiple countries
