It's beginning to look a lot like… scam season. With holidays up around the corner, it's busy days for cyber Grinches ready to empty your bank account.
Retail giant Amazon has warned shoppers in the UK to beware of text scams aimed at draining their bank accounts ahead of Christmas, the busiest time of the year for both retailers and cybercriminals.
The premise of the SMS phishing – or "smishing" – scam is fairly simple and targets stressed-out last-minute gift shoppers who might be less attentive to detail.
Victims would receive a fake message from Amazon that would typically claim a security issue and urge them to click on a link within the message.
Upon clicking on the link, victims are redirected to a website that looks like Amazon – but is a front set up by scammers. The user is asked to log in with their Amazon credentials, and then a new page loads requesting additional information like name and home address.
Cybercriminals can use this information to log into the victim's actual Amazon account, leading to financial losses and identity theft.
One example of such messages reported by the British consumer rights group Which? read: "From Amazon - A new login has been attempted from IP address: 82.966.81.27 (Ipswich). If this was NOT you, secure your account immediately. [amazon-logins.com]."
In another common scam, the target could also receive a message claiming they ordered an item from Amazon they did not and urging them to call the number within the text.
Scammers impersonating Amazon customer service would then try to trick the victim into clicking on an app that gives them access to their devices.
You can protect yourself
Amazon says that "smishing" scams are becoming increasingly advanced – fake messages can even be inserted into a thread of legitimate messages received from the company. Still, there are simple steps to consider to protect yourself.
The most important one is to take a breath and never click on any links or call any numbers within the text, even if the message appears urgent. Scammers will push you to take immediate action – never do that.
Consider that legitimate Amazon links will only appear as amazon.com, amzn.to, amzn.com – or, for its international versions, as amazon.co.uk for the UK, amazon.fr for France, amazon.de for Germany, and so on.
Be aware that emails, text messages, or calls from Amazon will never ask for your personal information. It will never ask for a payment or offer a refund that you do not expect; it will never ask to make a payment outside of Amazon's own website; it will never ask for remote access to your device via an app.
If in doubt, log into your Amazon account using the official website or app – there will be a message informing you of a problem if something did happen. If targeted by scammers, inform Amazon – it will monitor your account and report suspicious activity to the police.
More from Cybernews:
Subscribe to our newsletter