Security, Privacy & Accessibility

At Amazon.co.uk, we're 100 percent committed to protecting your security and privacy.

We know that when you shop online, you want to know that your name, address, credit card details and any other information you give us is kept safe and secure, and we promise to do that.

Amazon's complete commitment to customer service means we'll make sure you, and only you, can access your account or view your financial details.

And because we know how annoying junk mail is, we promise not to pass on your e-mail address, home address or any other details to any party.

Click on the links on the left to find out more.

Identifying Spoof E-mails

From time to time, you might receive e-mails from Amazon.co.uk, such as your "Sold, dispatch now" e-mails, listing confirmation messages, or deposit notifications. In some cases, however, these e-mails do not come from Amazon.co.uk; instead, they are falsified and attempt to convince you to reveal sensitive account information. These false e-mails, also called "spoof e-mails" or "phishing e-mails", look similar to real Amazon.co.uk e-mail. Often these e-mails direct you to a false Web site that looks similar to the Amazon.co.uk Web site, where you might be asked to provide account information such as your e-mail address and password combination.

Unfortunately, these false Web sites can steal your sensitive information; later, this information can be used without your knowledge to commit fraud.

To protect yourself from responding to these e-mails and revealing sensitive or private information, you can follow a few simple rules.

Know What Amazon.co.uk Won't Ask For

Amazon.co.uk will never ask you for the following information in an e-mail communication:

• Your National Insurance Number
• Your bank account information, credit card number, PIN number, or credit card security code (including "updates" to any of the above)
• Your mother's maiden name or other information to identify you (such as your city of birth or your favorite pet's name)
• Your Amazon.co.uk password

Review Grammatical Or Typographical Errors

Be on the lookout for poor grammar or typographical errors. Many phishing e-mails are translated from other languages or are sent without being proof-read. As a result, these messages can contain bad grammar or typographical errors.

Check the Return Address

Is the e-mail from Amazon.co.uk or from a "phisher"? Genuine e-mails come from an e-mail address ending in "@amazon.co.uk" or "@amazon.com".

While phishers often send forged e-mail to make it look like it comes from Amazon.co.uk, you can frequently determine whether it's authentic by checking the return address. If the "from" line of the e-mail looks like "amazon-security@hotmail.com" or "amazon-payments@msn.com," or contains the name of another Internet Service Provider (ISP), you can be sure it is a fraudulent e-mail.

Most e-mail clients let you examine the source of the e-mail. Check the e-mail header information to see that the "received from," "reply to," and "return path" for the e-mail comes from @amazon.com or @amazon.co.uk. The method you use to check the header information varies depending upon the e-mail client you use.

Check the Web Site Address

Some phishers set up spoofed Web sites that contain the word "amazon" somewhere in the URL. Genuine Amazon.co.uk Web sites always end with ".amazon.com" or "amazon.co.uk", that is, "www.amazon.com" or "www.amazon.co.uk".

We never use a combination such as "security-amazon.com" or "amazon.com.biz".

When In Doubt, Go Directly To the Amazon.co.uk Web Site

Some phishing e-mails include a link that looks as though it will take you to your account, but it is really a shortened link to a completely different Web site. If you hover over the link with your mouse when viewing the message in your e-mail client, you often can see the underlying false Web address, either as a pop-up or as information in the browser status bar.

Note: Hover can be fooled. If you do click on a link, you should always look at the URL in your browser when the page opens.

The best way to ensure that you do not respond to a phishing e-mail is to always go directly to your account to review or make any changes to the account. Never click a link embedded in an e-mail.

Do not "Unsubscribe"

Never follow any instructions contained in a forged e-mail that claim to provide a method for "unsubscribing." Many spammers use these "unsubscribe" processes to create a list of valid, working e-mail addresses.

How You Can Help Stop Phishers and Spoofers

You can make a difference! Amazon.co.uk has filed several lawsuits against phishers and spoofers; these lawsuits came about from information provided to Amazon.co.uk through the stop-spoofing@amazon.com e-mail address.

Report Spoofed E-mails To Amazon.co.uk

• Create a new e-mail to stop-spoofing@amazon.com and attach the original, spoofed e-mail. Sending the e-mail as an attachment is the best way to preserve the "header information," which makes it easier for Amazon.co.uk to trace the origin of the forgery.
• If you cannot send the forged e-mail as an attachment, forward the e-mail to stop-spoofing@amazon.com, and include as much of the header information as you can. To find the header information, configure your e-mail client to show All Headers (this varies depending upon the e-mail client you use). The headers we need are well labeled and look similar to this:

X-Sender: someone@domain.com

X-Sender-IP: [10.1.2.3]

X-Date: Tue, 08 Apr 2003 21:02:08 +0000 (UTC)

X-Recipient: you@domain.com

X-OUID: 1

• Please note: Amazon.co.uk will not be able to respond to all of the e-mails it receives through the stop-spoofing@amazon.com mailbox. If you have specific questions about your account, check our Help pages or Contact Us.