They steal Amazon accounts to buy behind their owners’ backs



The largest e-commerce and marketplace website in the West – in the East is AliExpress -, Amazon has over 6.5 million users in Spain alone, making it a perfect magnet for retailers. cybercriminals who use this service as bait given the large number of potentials. victims they have.

But be careful if you have an Amazon account, as the PandaLabs team, the Panda Security Laboratory, have detected various phishing techniques in which crooks pose as the popular marketplace to directly obtain your account or bank details.

Steal your Amazon account

One of the best known, the mail with a bogus PO has been around for a long time, and it works like this: Through an email, the sender of which is not Amazon and can use names like than :

  • yellow amazon
  • yellow market
  • Customer service

The crooks claim to be in the marketplace to warn of a purchase made.

According to Panda, “visually, it is similar to Amazon communications, except that in this case invites the victim to access a link to verify his account in the event that you have not made such a purchase. The trick is that the URL redirects the user to a bogus website whose only function is to obtain the email and password for their account ”.

The great scam of alternative offers or the gift card is based on the same principle of a fraudulent URL. “The common denominator is to send an email hook with discounts or gifts”, and to encourage the victim to verify his account on a website designed by cybercriminals or to complete a purchase on a platform external to Amazon. With this they already have your data

Steal your bank details

Another phishing scam involves not to steal your account, but to directly retrieve your bank details. The first warning sign is to receive an email from Amazon in which you are notified of an unauthorized purchase or urging you to receive favorable treatment from the company. In this case, “the cybercriminals invite the victim to create an account on Amazon Business, a type of account which, instead of offering domestic benefits like Prime, is aimed at businesses.”

The trick is as follows, to ‘offer you a 25% discount code on the first purchase’, lCyber ​​crooks claim to need to confirm your Amazon account. This means that you provide them with the access data (e-mail and password) to verify your account.

Moreover, they add that within up to 48 hours they will send the discount code. “When the most likely is that at that moment, they took the opportunity to make a multitude of purchases supplanting the identity of the legitimate owner of the account ”, apunta Hervé Lambert, Global Consumer Operations Manager of Panda Security.

In fact, the key to marking this 48 hour period seems to be adjusting to the one-day shipping service that the Marketplace has. This way, as long as the victim knows that they have been scammed, cybercriminals will have had time to recover the packages.

How to avoid scams and phishing that mimic Amazon

PandaLabs takes this opportunity to give us several tips to avoid falling victim not only to this attempted phishing scam, but others:

  • Look carefully at the email you received. Although company logos do appear, they tend to ignore any reference to the company’s corporate information. Likewise, there are no links to unsubscribe from this type of communication, as required by European regulation of the General Data Protection Regulation.
  • Check the mailbox for other types of communications from the same company, to compare sender and pattern.
  • If you think you’ve been the victim of any of these scams, contact the company through one of its official channels to check if the communication you have received is legitimate. Although the first action, this being the most urgent, cchange account password if you have entered a strange web page.
  • Do not provide your Amazon email and password to any user do not enter them on any page other than the official page. To tell them apart, look for the closed padlock at the beginning of the URL.
  • A legitimate seller of the platform it will never redirect you off the website.
  • Do not perform either no payment to claim the prize or the lotteries or because you are going to be rewarded with a gift card.
  • You are wary if a suspected seller requires sending money in cash or through platforms such as Bizum or PayPal, since any transaction that occurs outside of the platform will lack guarantees regarding the return of money.
  • Do not respond to emails that ask for your information to verify your account or your bank details. Amazon will never ask you for personal information.
  • Install a antivirus or antimalware and keep them up to date.
  • Keep your operating system up to date and with the necessary security accessories up to date.


Disclaimer: This article is generated from the feed and is not edited by our team.



About Author

Comments are closed.