Amazon Scam Emails: What They Are and How to Protect Yourself From Them

Watch out for Amazon fraud email

If you receive an email that looks like it’s from Amazon but asks you to click a link or enter private account information, don’t do it. These are fake Amazon emails designed to steal your account information or infect your computer with a virus or malware.

Amazon says they never ask customers for the following information: your social security number, tax ID, bank account number, credit card information or PIN, your mother’s maiden name, or your Amazon or Seller Central passwords.

What Is the Amazon Email Scam?

Dozens of people have reported receiving Amazon phishing emails from scammers. Cybercriminals send out fake emails hoping Amazon customers will click a link taking them to a phony website that looks like Amazon’s, but is not. 

Fake login from Amazon scam email.

Often the link takes you to a login that looks exactly like Amazon’s, but you're actually entering your Amazon account login information into a scammer’s website. 

How Does the Amazon Email Scam Work?

Scammers design emails using Amazon logos, colors, and fonts so recipients think they're legitimate and follow the instructions contained within. 

Typically, these emails reference a problem with your delivery and tell you to log in or click a link to resolve it. These links take you to a spoofed website designed to look like Amazon’s. Sometimes, just by clicking the link, your computer is instantly infected by malware. If the link takes you to a login page, and you enter your account information, the scammers will now have your Amazon login.

Amazon scam fake email asking for validation.

Another type of Amazon scam email may mention a security issue with your account and instruct you to validate it with your login credentials. Or, they might say your account has been locked or disabled, and you need to click a link to fix it. Scammers are hoping this type of tactic scares some people into clicking without thinking about it. 

There are dozens of varieties of messages contained in Amazon fraud emails, but as long as you know what to look for, you can avoid getting caught. 

How Do the Amazon Email Scammers Find Victims?

Scammers obtain email addresses in a variety of ways. If you have online accounts, chances are your email address is out there and pretty easy to find. Some of the ways these criminals create their lists are through fake forms for job ads, free downloads, and spoofing websites. They may purchase lists of email addresses from the dark web or use bots to trawl the internet and find accounts that way.

How Do I Avoid Getting Involved in This Scam?

The best way to avoid getting duped by this scam is to know what to look for and what to do. If you receive an email that appears to be from Amazon, but the message has a sense of urgency to it, it may be fake. 

Here are some key things to look for that indicate an email is not legitimate:

  • Examine the “from” email address: If it does not end in @amazon.com, it is probably fake. 
  • Check the “reply to” email address: It should also be from @amazon.com.
  • Don’t click any links in the email: Hold your mouse over them to see where the link goes. If you do click the link, check your browser address bar. If it does not say amazon.com, close it immediately and run a virus scan on your computer.
  • Don't share information: Do not provide any sensitive or personal information if someone requests it through email. 
  • Go to Amazon.com: Use your browser to go to Amazon’s website and log in from there to check any outstanding orders.
  • Avoid suspicious links: Never click a link in the email to “unsubscribe.” These, too, are links that can infect your computer with viruses. Additionally, never open any attachments in the email.
  • Look for SSL: Always check for the SSL (https and the padlock in the browser address bar) together with the amazon.com address to make sure you're actually on Amazon’s website, especially when logging in.

Email scammers can be very tricky and use official-looking email addresses to try to fool you. Some examples might be: amazon-account-validation@gshlephj.com, account-suspension-department@amazon.companyxyz.com, and even amazon.com.biz. Only email addresses that end in @amazon.com are legitimate.
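The "from", "reply to" and link checks from the list above can be automated. The following Python sketch is an added example, not part of the original article or anything published by Amazon; the sample message is constructed around the lookalike addresses quoted above, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "amazon.com"  # the only domain the article treats as legitimate

# Constructed sample message (not a real email); the addresses are the
# lookalike examples quoted in the article.
SAMPLE = """\
From: Amazon Support <account-suspension-department@amazon.companyxyz.com>
Reply-To: amazon-account-validation@gshlephj.com
To: customer@example.org
Subject: Your account has been locked
Content-Type: text/html; charset="utf-8"

<p>Your account is locked. <a href="https://amazon.com.biz/signin">Sign in</a>
or visit <a href="https://www.amazon.com/your-orders">your orders</a>.</p>
"""

def is_amazon_host(host):
    """True only for amazon.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def is_amazon_address(header_value):
    """The article's rule: the address must end in @amazon.com."""
    addr = parseaddr(header_value or "")[1].lower()
    return addr.endswith("@" + TRUSTED)

def check_message(raw):
    """Return a list of findings; an empty list means no check failed."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if value is not None and not is_amazon_address(value):
            findings.append(f"{header} is not @amazon.com: {parseaddr(value)[1]}")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    # Only double-quoted href attributes are extracted in this sketch.
    for url in re.findall(r'href="([^"]+)"', body):
        host = urlsplit(url).hostname
        if not is_amazon_host(host):
            findings.append(f"link leaves amazon.com: {host}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

An empty result is not proof that a message is genuine, because the "from" header itself can be forged; the checks only catch the lookalike patterns described above.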

I’m Already a Victim. What Should I Do?

If you've received an email from Amazon and you haven’t done anything with it, report the incident to Amazon and delete the email. If you clicked on a link or entered any account, billing or login information into the spoofed website, follow the instructions below:

  • Use antivirus software: If you don’t have antivirus software, install some immediately.
  • Scan PC: Run a full scan of your computer; delete any viruses or malware found.
  • Update frequently: Keep your operating system and all security patches updated at all times.
  • Reset password: Change your Amazon.com and computer passwords and make them long and complex.
  • Contact your banks: If you provided any billing, credit card, or bank information, contact those companies and change your account numbers and login information.
  • Seek professional help: If you believe your computer may still be compromised, contact a professional computer company to clean it thoroughly. 

Amazon takes fraud very seriously and recommends that you report these phishing activities by forwarding the emails to them at stop-spoofing@amazon.com.

How Do I Avoid Being Targeted for the Amazon Email Scam?

It’s pretty hard these days to keep your email address private, and eventually, you will end up on a spam list. Therefore, you need to be diligent about scanning emails before doing anything.

Always examine the email headers (from, reply-to, and to address) and hover over links to determine their legitimacy. If the email has poor grammar or appears suspicious, log in to your Amazon account from a secure browser to see if there's anything that needs your attention.