Help > Privacy & Security > Identifying Phishing or Spoofed E-mails
 

Help Topics
Privacy & Security
Privacy Notice
Conditions of Use
Safety and Security Tips
Our Efforts to Stop Spoofing
Your Amazon.com Bill of Rights
A-to-z Guarantee Protection
Identifying Phishing or Spoofed E-mails
Shipping & Delivery
Shipping Rates
Domestic Shipping Rates
Amazon Prime
Guaranteed Accelerated Delivery
FREE Super Saver Shipping
Shipping Restrictions
Delivery Estimates
Tracking Packages
Where's My Stuff?
Amazon and the Environment
More...
Privacy & Security
A-to-Z Guarantee Protection
Identifying Phishing E-Mails
Safety & Security Tips
Credit Card Security
Privacy Notice
More...
Returns & Replacements
Return Policy
Refunds
Exchanging a Broken or Incorrect Item
Packing and Sending Your Return
Returns to Amazon Merchants
More...
Ordering
New Customers
Amazon Merchants
1-Click Ordering
Product Recalls
Warranties
More...
Payment, Pricing & Promotions
Payment Methods We Accept
Gift Certificates
Rebates
Promotional Offers
More...
Viewing and Changing Orders
Problem with an Order?
Changing Address or Payment for an Order
Canceling Orders
Combining Orders
More...
Gifts, Gift Certificates & Gift Registries
Sending Gifts
Wish Lists
Baby Registry
Gift Certificates
More...
Updating Account Information
Using Your Account
Updating Payment Information
Adding or Deleting Addresses
Changing E-Mail Address or Password
Updating Subscriptions
More...
Amazon.com Shopping Experience
Our Site Features
Your Media Library
Digital Content
Recommendations
More...
Selling at Amazon.com
Quick Start
Policies, Glossaries & FAQs
More...
Publisher & Vendor Guides
List and Sell Books
List and Sell DVDs
On-Demand Publishing
More...
Business Opportunities
Advantage
Associates
Web Services
Mechanical Turk
More...
Identifying Phishing or Spoofed E-mails

From time to time, you might receive e-mails that look like they come from Amazon.com, but they are, in fact, falsified. Often these e-mails direct you to a Web site that looks similar to the Amazon.com Web site, where you might be asked to provide account information such as your e-mail address and password combination. Unfortunately, these false Web sites can steal your sensitive information; later, this information may be used to commit fraud. Some phishing messages contain potential viruses or malware that can detect passwords or sensitive data. We recommend that you install an anti-virus program and keep it updated at all times.

Below are some key points to look for in order to identify these e-mails:

1. Know what Amazon.com won't ask for

Amazon.com will never ask you for the following information in an e-mail communication:

  • Your social security number or tax identification number
  • Your credit card number, PIN number, or credit card security code (including "updates" to any of the above)
  • Your mother's maiden name
  • Your Amazon.com password

2. Requests to verify or confirm your account information

Amazon.com will not ask you to verify or confirm your Amazon.com account information by clicking on a link from an e-mail.

3. Attachments on suspicious e-mails

We recommend that you do not open any e-mail attachments from suspicious or unknown sources. E-mail attachments can contain viruses that may infect your computer when the attachment is opened or accessed. If you receive a suspicious e-mail purportedly sent from Amazon.com that contains an attachment, we recommend that you delete it and do not open the attachment.

4. Grammatical or typographical errors

Be on the lookout for poor grammar or typographical errors. Some phishing e-mails are translated from other languages or are sent without being proofread, and as a result, contain bad grammar or typographical errors.

5. Check the return address

Is the e-mail from Amazon.com? While phishers often send forged e-mail to make it look like it came from Amazon.com, you can sometimes determine whether or not it's authentic by checking the return address. If the "from" line of the e-mail looks like "amazon-security@hotmail.com" or "amazon-fraud@msn.com," or contains the name of another Internet service provider, you can be sure it is a fraudulent e-mail.

6. Check the Web site address

Genuine Amazon.com web sites are always hosted on the "amazon.com" domain--"http://www.amazon.com/. . . " (or "https://www.amazon.com/. . ."). Sometimes the link included in spoofed e-mails looks like a genuine Amazon.com address. You can check where it actually points to by hovering your mouse over the link--the actual Web site where it points to will be shown in the status bar at the bottom of your browser window or as a pop-up.

We never use a web address such as "http://security-amazon.com/. . ." or an IP address (string of numbers) followed by directories such as "http://123.456.789.123/amazon.com/. . . ."

Alternately, sometimes the spoofed e-mail is set up such that if you click anywhere on the text you are taken to the fraudulent Web site. Amazon.com will never send an e-mail that does this. If you accidentally click on such an e-mail and go to a spoofed Web site, do not enter any information and just close that browser window.

7. If an e-mail looks suspicious, go directly to the Amazon.com Web site

When in doubt, do not click the link included in an e-mail. Just go directly to www.amazon.com and click "Your Account" in the top right menu to view recent purchases, or review your account information. If you cannot access your account, or if you see anything suspicious, let us know right away.

8. Do not "unsubscribe"

Never follow any instructions contained in a forged e-mail that claim to provide a method for "unsubscribing." Many spammers use these "unsubscribe" processes to create a list of valid, working e-mail addresses.

9. Protect your account information

If you did click through from a spoofed or suspicious e-mail and you entered your Amazon.com account information you should immediately update your Amazon.com password. You can do this through Your Account by choosing the option to "Change your name, e-mail address, or password" found under Account Settings.

Please be assured that if someone has been able to look at your account, they are not able to see your full credit card information. However, orders can be sent from your account using your credit card so please contact us immediately if you notice any orders that you do not recognize.

However, if you did submit your credit card number to the site linked to from the forged e-mail message, we advise that you take steps to protect your information. You may wish to contact your credit card company, for example, to notify them of this matter. Finally, you should delete that credit card from your Amazon.com account to prevent anyone from improperly regaining access to your account. To do so, click "Edit or delete a credit card" under Payment Settings in Your Account.

How To Report Phishing E-mails or Request Account Assistance

If you have received an e-mail you know is a forgery, or if you think you have been a victim of a phishing attack and you are concerned about your Amazon.com account, please let us know right away:

Report or Contact Us about a Phishing or Spoofed E-mail

Log In
E-mail Address
Password

Self Service Tools
Change your password
View open or recently shipped orders
Track packages
Change payment details
Edit your addresses

Contact Us
Get Express customer service or contact us by e-mail or phone.
 

Search Help Topics

Did this info help?
Yes, I found the information I needed
No, I wasn't able to find the information I needed



Where's My Stuff?
 Shipping & Returns
 Need Help?
Search   
Amazon.com Home  |   Directory of All Stores
International Sites:  Canada  |  United Kingdom  |  Germany  |  Japan  |  France  |  China
Help  |  View Cart  |  Your Account  |  Sell Items  |  1-Click Settings
Investor Relations  |  Press Release  |  Careers at Amazon  |  Join Associates  |  Join Advantage  |  Join Honor System  |  Advertise With Us
Conditions of Use | Privacy Notice © 1996-2007, Amazon.com, Inc. or its affiliates