If You See This Message, Your Amazon Account Is Under Attack

Attacks suddenly surge 5000%.

dpa/picture alliance via Getty Images

A new warning has just been issued for millions of Amazon users, as a new wave of attacks on accounts has suddenly surged 5000%. This will come at you by text message, which is nothing new. Between undelivered packages, unpaid tolls and motoring fines, the scale of text attacks sweeping the U.S. and Europe is “out of control.”

The team at Guardio tells me that these new “Amazon refund scam texts” have surged “more than 50 times in the past two weeks.” Even in the world of text message attacks, that’s some increase. “These texts began appearing shortly after Prime Day, which started two weeks ago on July 8,” and spawned plenty of other attacks as well.

ForbesFBI Warning—Do Not Install These AppsBy Zak Doffman

The texts are nothing to do with Amazon. The attackers do not even know you have an account. They’re just playing a numbers game because most of you do. “The link in the message leads to a fake Amazon site designed to steal your account details and hack it.”

Amazon warns that “scammers may send text messages claiming to be Amazon,” and that account holders should be “mindful” if they “receive a text message for orders or deliveries that you are not expecting.” It’s the same for refunds.

Amazon runs an active program to monitor for such impersonation scams, which includes sharing information as and when new campaigns are identified and critically shutting down the bad actors behind these attacks, both technically and legally.

Fake Amazon texts and login

Guardio

But again this is a numbers game. The attackers are running an industrial scale scam that fires out messages indiscriminately. Targets will be found because countless users will have purchased recently on Amazon and who doesn’t want an unexpected refund? The link is a short-code to beat Amazon’s other warning to watch for misspelled URLs.

If you receive this text, and many millions of you will. delete it immediately per the advice from the FBI and state and local police forces. If you have any doubts, log into your Amazon account using your app or usual methods and check there.

This text attack industry with its billions of messages is driven by organized criminal gangs in China, beyond the reach of U.S. law enforcement. Networks filter out plenty of texts, but attackers use farms of normal phones and SIMs to bypass normal checks.

Forbes‘One In Four’ Smartphone Owners Must Upgrade This YearBy Zak Doffman

You can read more about Amazon’s defense against impersonation scams here. “In 2024,” it says, “we initiated takedowns of more than 55,000 phishing websites and 12,000 phone numbers being used as part of impersonation schemes.”

Clearly these texts are outside Amazon’s control, and so users are urged to report scams as they come in. Users should also ensure their accounts are fully protected, at least by two-factor authentication and ideally by passkeys.

Trend Micro warns that “30% of consumers have been scammed online, nearly 40% didn’t realize it until they’d already lost money and most didn’t use any tech to verify the scam — relying on instinct alone.” Its new ScamCheck tech is another potential bandaid.