Amazon’s Advice on Security Scams is Actually Pretty Great
Amazon Prime subscribers were recently sent a communication from the online marketplace detailing popular scams and what can be done to protect against them. While we have our own set of best practices to share, we thought we would take a closer look at Amazon’s advice to see how it squares up against our own.
Amazon’s Recommended Practices
The communication sent out by Amazon focused mostly on services related to Amazon. For example, the communication mentions “Prime membership scams” and “Account suspension/Deletion scams.”
To be more precise, this email issued to Prime members describes what to expect from the various scams. For a Prime membership scam, users might encounter messages claiming further fees must be charged to an account in question, or users might have to log in to dispute charges or provide payment information (which, if you think about it, makes zero sense, right?).
According to the official company email: “Amazon will never ask you to provide payment information for products or services over the phone.” If Amazon ever needs you to take action, they recommend confirming through the official website or application and checking for legitimate communications sent through their secure Message Center.
Suspension and deletion scams are also covered in detail here. Amazon describes these attacks as those delivered via text, email, or phone call which attempt to convince users to log in or provide payment information under duress of a lost or suspended account.
According to Amazon’s communication, “Amazon will never ask you to disclose your password or verify sensitive information over the phone or on any website other than Amazon.com.” Again, they double down on any significant communications being sent directly to their secure Message Center, and they urge users to confirm identities before ever responding to these urgent or out-of-place messages.
Other Relevant Amazon-Related Security Tips
Amazon also offers the following advice for anyone who would like additional security information about their platform:
“1. Trust Amazon-owned channels.
Always go through the Amazon mobile app or website when seeking customer service, tech support, or when looking to make changes to your account.
2. Be wary of false urgency.
Scammers may try to create a sense of urgency to persuade you to do what they're asking. Be wary any time someone tries to convince you that you must act now.
3. Never pay over the phone.
Amazon will never ask you to provide payment information, including gift cards (or “verification cards,” as some scammers call them) for products or services over the phone.
4. Verify links first.
Legitimate Amazon websites contain "amazon.com" or "amazon.com/support." Go directly to our website when seeking help with Amazon devices/services, orders or to make changes to your account.”
Augment These Practices with Our Recommendations
Generally speaking, these practices check out perfectly fine, and they are in line with what we would recommend. However, we would like to provide our own perspectives on these recommendations:
- If you have any reason to suspect illegitimate communications are afoot, you should use official channels of communication to either confirm or refute your feelings on the message. You should never respond to a message if you have any reason to believe it could be dangerous. We recommend manually finding the supposed sender’s contact information on the company’s website to verify it first, reaching out only through secure secondary methods.
- If there is any urgent language used in the email, it’s worth being just a hair skeptical of it. Hackers love to use language like this to get users to take action before they think more carefully about it. If the user feels extra pushy in their message, then you should be extra careful.
- You might make purchases or phone payments here and there, even with legitimate businesses, but no company is ever going to ask you to pay in gift cards.
- Don’t click on links in any messages you suspect are fraudulent. Go to the website or your account through your normal methods first to see if there is anything to be concerned about.
Need More Info? Learn More with Us
Amazon has some great advice to keep in mind regarding account security, but we would like to also remind you that these types of attacks are not Amazon-exclusive. You can experience phishing attacks from any vector at any time, so be sure to keep your wits about you and your protections in place. They might just save you from a major headache in the future.
BlackCSI can help your business shore up any potential problems with its security. To learn more, call us today at (717) 620-3042.