Are you one of the 80 million Amazon Prime members who gets excited for “Prime Day” and subsequently becomes all giddy like a child with a new toy when your purchases arrive in two days? If you are, you may be targeted with a phishing scam that seeks to get your Prime login credentials out of you. This new one asks you to conveniently review your Amazon Prime Day purchases by clicking a link in an email and promises $50 gift card.
Unfortunately, it’s a phony site and there is no gift card. Instead, the crooks get your login credentials and the site may also download malware to the device. Making it even more confusing, if the link is clicked the site address is similar enough to Amazon’s real one that it’s easy to see how people can be tricked into entering information.
It’s completely fine to review purchases made at any e-retailer. However, if you receive an email asking you to click a link to do so, think twice about it. Instead, go directly into your account, find the purchases and go through the process to review it there. This advice is good to heed for any links received in email asking you to enter login credentials; be it your favorite shopping sites, your healthcare site, or your financial services companies.
If you have clicked a link in an email from Amazon like this one and entered information, go immediately to your account and change your password. Make sure it is at least eight characters, has upper and lower case letters, as well as numbers and special characters.
While you’re at it, if you haven’t already enabled two-step verification for your account, go into the “Login & Security” settings, then to the “Advanced Security Settings” and enable it. This will require another random code that is sent via text to be entered before anyone can access your account.
In addition, you can and should report phishing scams to Amazon at its website.
© Copyright 2017
Stickley on Security
October 2, 2017