If You See This Message, Your Amazon Account Is Under Attack

Attacks suddenly surge 5000%.
Republished on July 25 with a new FTC warning over this latest attack.
A new warning has just been issued for millions of Amazon users, as a new wave of attacks on accounts has suddenly surged 5000%. This will come at you by text message, which is nothing new. Between undelivered packages, unpaid tolls and motoring fines, the scale of text attacks sweeping the U.S. and Europe is “out of control.”
The team at Guardio tells me that these new “Amazon refund scam texts” have surged “more than 50 times in the past two weeks.” Even in the world of text message attacks, that’s some increase. “These texts began appearing shortly after Prime Day, which started two weeks ago on July 8,” and spawned plenty of other attacks as well.
The texts are nothing to do with Amazon. The attackers do not even know you have an account. They’re just playing a numbers game because most of you do. “The link in the message leads to a fake Amazon site designed to steal your account details and hack it.”
Amazon warns that “scammers may send text messages claiming to be Amazon,” and that account holders should be “mindful” if they “receive a text message for orders or deliveries that you are not expecting.” It’s the same for refunds.
Amazon runs an active program to monitor for such impersonation scams, which includes sharing information as and when new campaigns are identified and, critically, shutting down the bad actors behind these attacks, both technically and legally.
But again this is a numbers game. The attackers are running an industrial-scale scam that fires out messages indiscriminately. Targets will be found because countless users will have purchased recently on Amazon, and who doesn’t want an unexpected refund? The link is a short-code to beat Amazon’s other warning to watch for misspelled URLs.
If you receive this text, and many millions of you will, delete it immediately per the advice from the FBI and state and local police forces. If you have any doubts, log into your Amazon account using your app or usual methods and check there.
This text attack industry with its billions of messages is driven by organized criminal gangs in China, beyond the reach of U.S. law enforcement. Networks filter out plenty of texts, but attackers use farms of normal phones and SIMs to bypass normal checks.
Trend Micro warns that “30% of consumers have been scammed online, nearly 40% didn’t realize it until they’d already lost money and most didn’t use any tech to verify the scam — relying on instinct alone.” Its new ScamCheck tech is another potential bandaid.
In response to Guardio’s warning, Amazon is keen to emphasize the significant effort and investment being put into tackling such impersonation schemes. While this attack is outside its control, the potential viral threat to user accounts is taken seriously.
You can read more about Amazon’s defense against impersonation scams here. “In 2024,” it says, “we initiated takedowns of more than 55,000 phishing websites and 12,000 phone numbers being used as part of impersonation schemes.”
The company should take some credit for this. This scam text industry is opportunistic and does not target users based on any prior or relevant data. All that’s needed is a phone number. These are the most basic of scams and yet still they work.
If there is any intelligence applied to the scam, it’s in the fake websites that capture user login information. Some of these are designed to bypass or capture 2FA codes and they’re often hosted on legitimate infrastructure to trick defensive filters.
Fake Amazon texts and login
Clearly these texts are outside Amazon’s control, and so users are urged to report scams as they come in. Users should also ensure their accounts are fully protected, at least by two-factor authentication and ideally by passkeys.
Amazon is keen to share its key tips to stay safe with those targeted by these attacks:
- “Verify purchases on Amazon. If you receive a message about the purchase of a product or service, do not respond to the message or click on any link in the message; instead, log into your Amazon account or use the Amazon mobile app and confirm that it is really in your purchase history before taking any action.
- Trust Amazon’s app and website. We will not ask for payment over the phone or email—only in our mobile app, on our website, or in one of our physical stores. We will not call and ask you to make a payment or bank transfer on another website.
- Be wary of false urgency. Scammers often try to create a sense of urgency to persuade you to do what they’re asking.
- Don’t be pressured into buying a gift card. We will never ask you to purchase a gift card, and no legitimate sale or transaction will require you to pay with gift cards. Learn more about common gift card scams on our help pages.
- Contact us. If you’re ever unsure, it’s safest to stop engaging with the potential scammer and contact us directly through the Amazon app or website. Do not call numbers sent over text or email, or found in online search results. Remember Amazon will not ask you to download or install any software to connect with customer service nor will we request payment for any customer service support.
- Check what others are saying. See if anyone else has reported a similar situation. In the U.S., Amazon has partnered with the Better Business Bureau to provide consumers a searchable Scam Tracker that enables you to search suspicious communications reported by others by email, URL, phone number, and more.”
America’s Federal Trade Commission (FTC) has now issued a consumer advice notification over these new Amazon refund scams, which it describes as “scammy texts offering ‘refunds’ for Amazon purchases.”
“Scammers are pretending to be Amazon again,” FTC says, which shouldn’t come as a surprise given the sheer scale of this impersonation threat, as evidenced by the sheer scale of Amazon’s response and the scope of takedowns.
“This time,” FTC says, the threat actors are “sending texts claiming there’s a problem with something you bought. They offer a refund if you click a link — but it’s a scam. Here’s how the scam works so you can avoid it.”
FTC sets out what consumers can expect to see if they’re under attack. “You get an unexpected text that looks like it’s from Amazon. It claims the company did a ‘routine quality inspection’ and an item you recently bought doesn’t meet Amazon’s standards or has been recalled. The text offers you a full refund and says you don’t need to return the item — as long as you click a link to request your money back. But there is no refund. Instead, it’s a phishing scam to steal your money or personal information.”
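The wording the FTC describes, together with the off-domain short link noted earlier, can be turned into a simple message-triage check. The Python below is an added example, not code from the FTC, Amazon or Guardio; the trusted-domain list, the verdict thresholds and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: the only host treated as genuinely Amazon in this sketch.
TRUSTED_SUFFIXES = ("amazon.com",)
# Lure wording taken from the FTC description of the refund text.
LURES = {
    "brand_claim": r"\bamazon\b",
    "refund_offer": r"\brefund\b",
    "quality_or_recall": r"quality inspection|recall",
    "no_return_needed": r"(?:don't|do not|no) need to return",
}
# Matches links with or without a scheme and captures the hostname.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

def link_hosts(text):
    """Lower-cased hostname of every link-like token in the message."""
    return [m.group(1).lower() for m in URL_RE.finditer(text)]

def is_trusted(host):
    """True for the trusted domain or a real subdomain, never a look-alike."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage(text):
    """Return (verdict, reasons) for one SMS body."""
    lowered = text.lower().replace("\u2019", "'")
    reasons = [name for name, pat in LURES.items() if re.search(pat, lowered)]
    untrusted = [h for h in link_hosts(text) if not is_trusted(h)]
    if untrusted:
        reasons.append("untrusted_link:" + ",".join(untrusted))
    if "brand_claim" not in reasons or not untrusted:
        return "pass", reasons
    # Brand claim plus an off-domain link: lure wording raises the verdict.
    return ("quarantine" if len(reasons) >= 3 else "review"), reasons

# Constructed sample messages; the .example hosts are placeholders.
SAMPLES = [
    "Amazon: a routine quality inspection found your item does not meet our "
    "standards. Full refund, no need to return it: https://sho.rt.example/a1B2",
    "Amazon refund pending, confirm at amazon.com.refund-check.example/claim",
    "Amazon: your parcel is delayed, details at trk.example/x9",
    "Amazon: your order has shipped. Track it at https://www.amazon.com/orders",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms), "<-", sms[:40])
```

A "pass" verdict only means the message did not match this pattern; the advice to check the account through the app rather than the link still applies.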
It’s not just the FTC amplifying this warning. Per one Californian District Attorney, “Amazon recently advised its subscribers of a new round of scam emails purporting to be from Amazon either about delivery of an item that was not ordered or increase in the cost of a Prime Membership. The email contains a link to cancel the subscription due to the purported increase in cost which leads to a fake site requesting input of membership information that then allows scammers to access your Amazon account.”
One of the challenges for consumers who might do some online research after receiving one of these texts will be the surprise Amazon refunds doing the rounds some months ago. Per CNET, “If you were surprised by an Amazon refund from years ago, here’s why,” with some customers “receiving large refunds, years after their purchases.”
CNET explains that “These surprise Amazon refunds seem to have arisen from an internal Amazon review, possibly in response to a 2023 lawsuit.” That action “claimed Amazon had quietly reversed legitimate return-related refunds for some shoppers.”
If you receive a refund text now, ignore the desk research and delete the text. If you have any doubts, follow Amazon’s advice and log into your account as normal. You will receive any notifications there as well, and you’ll know they’re actually real.