In a phishing attack, the hackers’ goal is to get their hands on your personal information, like your credit card number, social security or account password. Pretending to be a large retail corporation, the fraudsters send out an official-looking email or text message, usually with a link to a fraudulent website designed to look just like a legitimate site.
Researchers recently discovered that hackers have been sending out spoofed Amazon order notification emails in recent months. The email resembles your run-of-the-mill order confirmation, except that the order is false and the charge is significant.
Naturally, if you believe you’re being charged for a substantial amount, you would want to reach out to Amazon. But in this instance, if you use the link in the phishing email to get in contact, you’ll be redirected to a fake Amazon webpage with a false phone number to dial. If you call, the fraudsters won’t initially pick up, but they’ll soon call back, asking you to provide your card number, expiration date and CVV to “cancel the order.” And just like that, they’ve got your information.
These types of attacks are commonplace throughout the year, but expect a surge in messages claiming to be from Amazon, Best Buy, Walmart, Target or other large retailers during the holidays.
If you receive an email asking you to update your payment method or requesting other personal information, contact the company’s help desk to make sure the email is legit before you do anything else.
In addition, you should consider installing an anti-phishing app (like RedFox Anti-Phishing & Scam Detector) that will help you quickly and efficiently detect any malicious link that comes to you by email or via SMS.