The consumer rights group Which? issued the warning this week stating that anyone with an account with the online shopping giant should be aware of the scam. The scam consists of a person reviving a text message which claims to be from Amazon. The fake messages sent by scammers encourage recipients to follow a link to secure their account following what has been an “attempted log in”.
One style of text people are receiving reads: “Amazon: We detected a login into your account from a new device on 27/09/2022 at 15:10:08 UTC.
“If this wasn’t you, you can terminate that session via: [Default Web Site Page].”
In its investigation into the texts, the consumer watchdog found the website which had been linked to had been registered in September 2022.
The group stated this was a “giveaway” that the scammers were using a dodgy new website which they had created.
READ MORE: Liz Truss makes u-turn on tax cuts – market reaction
While another text message read: “From Amazon – A new login has been attempted from IP address: 82.966.81.27 (Ipswich). If this was NOT you, secure your account immediately. [amazon-logins.com].”
Which? also found that this website had only been registered in September and that the phone numbers used for each text had been linked to similar Amazon impersonation scams previously.
When clicking on the link included in the texts, the investigators at Which? were taken to a “convincing” website imitating the real Amazon site.
The page takes the user to a login page where they are prompted to enter their Amazon account details.
The fake Amazon website later asks the user to enter their full name, date of birth, mobile number, home address and email address.
Which? highlighted that this is where a person’s personal data is stolen which could make them “vulnerable” to having money taken from their account.
It could also leave them at risk of being a victim of a future scam.
Which? explained that the links which were included on the fake website page, things to Conditions of Use, Privacy Notice and Need Help all led nowhere.
READ MORE: Britons lose billions in five common scams – how to avoid them
The consumer group stated that this was the “clearest sign” that these websites aren’t genuine.
An Amazon spokesperson told Which?: “These messages were not sent by Amazon.
“Scammers that attempt to impersonate Amazon put our customers and our brand at risk. Although these scams take place outside our store, we will continue to invest in protecting customers and educating the public on scam avoidance.
“We encourage customers to report suspected scams to us so that we can protect their accounts and refer bad actors to law enforcement to help keep consumers safe.”
Amazon urged its customers to visit their help pages located on the Amazon website for help on how to identify scams and how they can report them.
Amazon explained scam texts will “often claim” there is a problem with a customer’s account, ask for sensitive information such as passwords, or state that the recipient is owed a refund.
The group confirmed in its statement that it “will never” ask for a customer’s password or personal information by text message or ask customers to make a payment outside of its website.
Which? has reported the fake text messages and fake websites to National Cyber Security Centre (NCSC).