Shoppers who use Amazon should beware of being stung by phishing scams after one customer had £160 worth of gift cards stolen and goods fraudulently ordered using his details.
Moneywise reader Mike Fox, a retired lecturer from North Wales, purchased five gift cards from the e-tailer worth £40 each to give as presents to family.
The gift cards arrived in an undamaged package and Mike didn’t think any more of it until his relatives told him that four of the five card balances had already been redeemed.
On looking at his Amazon account online, the 72-year-old then discovered an Amazon Prime subscription had been taken out in his name.
Mike telephoned Amazon and it refunded him the £160 that was on the four gift cards as well as the £7.99 monthly Amazon Prime fee.
But when he then ordered three ink cartridges from the e-tailer, Mike says one of the orders was cancelled and a further £112 was spent from his account on Windows 10 software. Again, Amazon refunded Mike for the purchases he hadn’t made, and Mike quickly spent the balance, closed his account, and started a new one using a different email address.
When Moneywise got in touch with Amazon to ask what had gone wrong and if there is a wider issue with its online security, it told us it couldn’t comment on individual cases.
However, it paid Mike an additional £160 – the amount he’d originally had stolen – and said that instances such as this usually occur following a phishing scam, where scammers gain victims’ personal details, often by pretending to be someone else.
An Amazon spokesperson says: “From time to time, customers may receive e-mails appearing to come from Amazon, which are actually false e-mails, sometimes called ‘spoof e-mails’ or ‘phishing e-mails’. These can look similar to real Amazon e-mails but often direct the recipient to a false website where they might be asked to provide account information such as their e-mail address and password combination.”
Earlier this year Action Fraud issued a warning to consumers after receiving several reports of scam emails purporting to be from Amazon, which phished for information to steal money from customers’ bank accounts.
But Mike told us he’s careful to check emails are legitimate and isn’t convinced this is the cause. Amazon also told him he should be careful using the same password on different websites, which implies Mike’s login details could have been stolen in a hack of another company and then used to access his Amazon account.
Mike adds: “My new Amazon account is set up on my iPad with fingerprint recognition, so hopefully this problem will not reoccur. I hope in sharing my story it may prevent others from being caught.”
How to avoid being stung by scammers
Amazon says the best way to ensure you do not respond to a false or phishing email is to always go directly to your account on Amazon to review or make any changes to your orders. You can access your account by visiting amazon.co.uk and clicking on the ‘Your account’ link in the top right-hand corner of any page.
It adds that it will never ask you for the following information in e-mail communication:
- Your National Insurance Number.
- Your bank account information, credit card number, PIN, or credit card security code.
- Your mother's maiden name or other information to identify you, such as your place of birth or your favourite pet's name.
- Your Amazon.co.uk password.
The e-tailer adds that genuine Amazon emails will be sent from an e-mail address ending in "@amazon.com", "@amazon.lu" or "@amazon.co.uk", and while phishers often send forged e-mail to make it look like it comes from Amazon.com or Amazon.co.uk, you can often determine whether it's authentic by checking the "from" line of the e-mail.
If the phishing e-mail contains a link that looks as though it will take you to your Amazon account, hover over the link without clicking on it and you can sometimes see the underlying web address, either as a popup or as information in the browser status bar.
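The two checks above (the "from" line and the address behind a link) can be automated for a mailbox filter. The sketch below is an added example, not code from Amazon or Moneywise; the function names, the sample message and its .example hosts are constructed, and treating subdomains such as www.amazon.co.uk as genuine for links is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the article lists for genuine e-mail. Assumption: for links,
# subdomains of these (e.g. www.amazon.co.uk) also count as genuine.
GENUINE = ("amazon.com", "amazon.lu", "amazon.co.uk")
# Constructed sample message (not a real e-mail); .example hosts are placeholders.
SAMPLE = """\
From: "Amazon.co.uk" <orders@amazon.co.uk.account-check.example>
Content-Type: text/html

<p><a href="http://amazon.co.uk.account-check.example/signin">https://www.amazon.co.uk/your-account</a></p>
<p><a href="https://www.amazon.co.uk/help">Help pages</a></p>
"""

def is_listed(host):
    # Match on the END of the host name, never on a substring.
    return any(host == d or host.endswith("." + d) for d in GENUINE)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(raw):
    """Return findings; an empty list is not proof, since From can be forged."""
    msg, findings = message_from_string(raw), []
    # parseaddr separates the display name from the real address.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in GENUINE:
        findings.append("from-domain:" + domain)
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text).hostname or "").lower() if "://" in text else ""
        if not is_listed(host):
            # "disguised": the visible text shows a listed domain, the href does not.
            kind = "link-disguised" if is_listed(shown) else "link-host"
            findings.append(kind + ":" + host)
    return findings
```

Calling `check_email(SAMPLE)` flags both the sender domain and the first link, because `amazon.co.uk.account-check.example` only starts with the brand name and does not end in a listed domain.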
Consumers should also be on the lookout for poor grammar or typographical errors. Many phishing e-mails are translated from other languages or are sent without being proofread. As a result, these messages can contain bad grammar or typographical errors.
You should also never use the same password for more than one account. Change any passwords where you’ve used the same one for multiple online accounts, and get into the practice of changing your passwords every six months or so.
Report any scams
Amazon says customers who believe they have received a false or phishing email should alert it by emailing email@example.com. If you’ve had fraudulent purchases or changes made to your account you should also contact Amazon’s customer services team online or by calling 0800 279 7234.
If you’ve had money taken fraudulently, also contact your bank or card provider immediately, and report the issue to Action Fraud.