Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission.

Amazon email scam could cost up to £750 - here's what you should look out for

One shopper lost £750 after clicking on the link in what looks like an automatic customer email

Zlata Rodionova
Friday 06 January 2017 10:42 GMT
Comments
Emails from Amazon will never ask you for personal information
Emails from Amazon will never ask you for personal information (Reuters)

Amazon customers have been warned they could lose hundreds of pounds if they fall for a “convincing” fake email scam.

Action Fraud, the UK’s fraud and cyber-crime centre, said the spoofed emails from “service@amazon.co.uk” claim recipients have made an order online and mimic an automatic customer email notification.

The number of people who have been sent the fake email is unclear, although Action Fraud said it had received several reports about the scam.

The email claims shoppers have ordered products including an expensive vintage chandelier, Bose stereos, iPhones and luxury watches.

In order to get a shopper’s financial information, the email cleverly indicates that if the recipient didn’t authorise the transaction they can click on the supposed help centre link provided to receive a full refund.

One shopper lost £750 after clicking on the link.

After the victim notified their bank, Nationwide, their credit card was cancelled and the lost money refunded in full.

Amazon completes first drone delivery in the UK

So what should you look out for to make sure you don’t fall for the scam?

Suspicious links

Amazon said that scam emails will often contain links to websites that look like Amazon.co.uk, but aren’t Amazon.co.uk.

Legitimate sites have a dot before “amazon.co.uk”, such as http://“something”.amazon.co.uk (usually “www”).

Sites such as “payments-amazon.com” aren’t Amazon sites. Amazon will also never send emails with links to an IP address (string of numbers), such as “http://123.456.789.123/amazon.co.uk/”.

Beware of attachments

Don’t click on attachments or prompts to install software on your computer.

If you’ve already opened an attachment or clicked a suspicious link, go to Protect Your System.

Typos or grammatical errors

An official email from Amazon will not contain typos. Delete it. American spellings in emails purporting to be from Amazon in the UK can also be a giveaway.

Make sure your computer is configured securely

Candid Wüest, Threat Researcher at Symantec, told The Independent: “Configuring popular internet applications such as your web browser and email software is one of the most important areas to focus on.

“The strongest security settings will give you the most control over what happens online but may also frustrate some people with a large number of questions (‘This may not be safe, are you sure you want do this?’) or the inability to do what they want to do. Often security and privacy settings can be properly configured without any sort of special expertise by simply using the ‘help’ feature of your software or reading the vendor’s website.”

Amazon will never ask for personal information to be supplied by email

Requests for your Amazon username, password or any other personal information should be ignored.

The online retailer will never ask for this information to be supplied by email.

I already clicked on the email, what should I do?

If you have already clicked on the suspicious email you can report a fraud and receive a police crime reference number by calling Action Fraud on 0300 123 2040, alternatively you can use this online fraud reporting tool.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in