Online shoppers are being conned out of £100s after giving up bank details to authentic-looking emails claiming to be from Amazon. Protect yourself online by NEVER providing sensitive information in an email.
The spoof email, being sent from 'firstname.lastname@example.org', suggests the recipient has made an order by mimicking an automatic customer email notification.
In a clever twist playing on concerns that you hadn't made the 'purchase' yourself, it then tells you to click on a 'help centre' link to receive a full refund from the retail giant for the unauthorised transaction.
This link leads to a convincing-looking website which asks you to confirm your name, address and bank card details.
Once that info has been divulged, the fraudsters behind the bogus email are able to siphon funds from bank accounts.
This scam – the latest to afflict Amazon – highlights why it's crucial you don't share banking details in an email as major companies such as Amazon would never ask for your PIN, password or other personal info to be provided in this way.
Check our 30+ Ways to Stop Scams guide for more on how to protect yourself online.
Scammers pocketed £750 from one victim
One victim who was duped into revealing his Nationwide banking details later found that £750 had been stolen from his account.
Fortunately for this particular customer, Nationwide was quick to provide a full refund and cancel the affected card.
Action Fraud, the UK's fraud and cyber crime reporting centre, has warned that people across the country may have fallen victim to this sophisticated scam. If you've unwittingly provided your bank details to the scammers you should notify your bank ASAP so it can cancel your card and process a refund.
MSE team members targeted by the scam
This far-reaching fraud has even penetrated MSE Towers, with a number of our staff spotting the scam email in their inbox in recent days.
MSE deals editor Gary Caffell says: "When I spotted an email supposedly from Amazon in my inbox confirming an order for something I had not bought, I was initially concerned.
"However, on closer inspection it was clear to me it was a scam, so I didn't click anything. Part of my job means I'm always actively on the lookout for things like this, but I know a lot of people would fall for it as the emails can look convincing, which is a worry."
What should I be looking out for?
In one example below, the scam email claims that recipients have ordered an expensive vintage chandelier. Other reported examples include Bose stereos, iPhones, cameras and luxury watches.
The suspicious emails will often contain:
- Links to websites that look like Amazon.co.uk, but aren't
- Attachments or prompts to install software on your computer
- Typos or grammatical errors
- Forged (or spoof) email addresses to make it look like the email is coming from Amazon.co.uk
An Amazon spokesperson told us: "The best way to ensure that you do not respond to a false or 'phishing' email is to always go directly to your account on Amazon to review or make any changes to your orders or your account. Customers can access their account by visiting [the Amazon website] and clicking on the 'your account' link in the top right hand corner of any page.
"We would ask any customer who believes that they have received a false or phishing email to alert us via our email@example.com email address."
You can find out more about identifying suspicious emails claiming to be from Amazon.
What should I do if I receive one of these bogus emails?
To report a fraud and cyber crime and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use the online fraud reporting tool.
If you've been conned into disclosing account details you should also get in touch with your bank ASAP.