Shoppers who use Amazon should beware of being stung by phishing scams after one customer had £160 worth of gift cards stolen and goods fraudulently ordered using his details.
Moneywise reader Mike Fox, a retired lecturer from North Wales, purchased five gift cards from the e-tailer worth £40 each to give as presents to family.
The gift cards arrived in an undamaged package and Mike didn’t think any more of it until his relatives told him that four of the five card balances had already been redeemed.
On looking at his Amazon account online, the 72-year-old then discovered an Amazon Prime subscription had been taken out in his name.
Mike telephoned Amazon and it refunded him the £160 that was on the four gift cards as well as the £7.99 monthly Amazon Prime fee.
But when he then ordered three ink cartridges from the e-tailer, Mike says one of the orders was cancelled and a further £112 was spent from his account on Windows 10 software. Again, Amazon refunded Mike for the purchases he hadn’t made, and Mike quickly spent the balance, closed his account, and started a new one using a different email address.
When Moneywise got in touch with Amazon to ask what had gone wrong and if there is a wider issue with its online security, it told us it couldn’t comment on individual cases.
However, it paid Mike an additional £160 – the amount he’d originally had stolen – and said that instances such as this usually occur following a phishing scam – where scammers gain victims’ personal details, often by pretending to be someone else.
An Amazon spokesperson says: “From time to time, customers may receive e-mails appearing to come from Amazon, which are actually false e-mails, sometimes called ‘spoof e-mails’ or ‘phishing e-mails’. These can look similar to real Amazon e-mails but often direct the recipient to a false website where they might be asked to provide account information such as their e-mail address and password combination.”
Earlier this year Action Fraud issued a warning to consumers after receiving several reports of scam emails purporting to be from Amazon, which phished for information to steal money from customers’ bank accounts.
But Mike told us he’s careful to check emails are legitimate and isn’t convinced this is the cause. Amazon also told him he should be careful using the same password on different websites, which implies Mike’s login details potentially could have been stolen from another company hack and used to access his Amazon account.
Mike adds: “My new Amazon account is set up on my iPad with fingerprint recognition, so hopefully this problem will not reoccur. I hope in sharing my story it may prevent others from being caught.”
How to avoid being stung by scammers
Amazon says the best way to ensure you do not respond to a false or phishing email is to always go directly to your account on Amazon to review or make any changes to your orders. You can access your account by visiting amazon.co.uk and clicking on the ‘Your account’ link in the top right hand corner of any page.
It adds that it will never ask you for the following information in e-mail communication:
- Your National Insurance Number.
- Your bank account information, credit card number, PIN, or credit card security code.
- Your mother’s maiden name or other information to identify you, such as your place of birth or your favourite pet’s name.
- Your Amazon.co.uk password.
The e-tailer adds that genuine Amazon emails will be sent from an e-mail address ending in “@amazon.com”, “@amazon.lu” or “@amazon.co.uk”, and while phishers often send forged e-mail to make it look like it comes from Amazon.com or Amazon.co.uk, you can often determine whether it’s authentic by checking the “from” line of the e-mail.
If the phishing e-mail contains a link that looks as though it will take you to your Amazon account, hover over the link without clicking on it and you can sometimes see the underlying web address, either as a popup or as information in the browser status bar.
Consumers should also be on the lookout for poor grammar or typographical errors. Many phishing e-mails are translated from other languages or are sent without being proofread. As a result, these messages can contain bad grammar or typographical errors.
You should also never use the same password for more than one account. Change any passwords where you’ve used the same one for multiple online accounts, and get into the practice of changing your passwords every six months or so.
Report any scams
Amazon says customers who believe they have received a false or phishing email should alert it by emailing email@example.com. If you’ve had fraudulent purchases or changes made to your account you should also contact Amazon’s customer services team online or by calling 0800 279 7234.
If you’ve had money taken fraudulently, also contact your bank or card provider immediately, and report the issue to Action Fraud.
Phishing scams are typically fraudulent email messages from seemingly legitimate sources (your internet service provider, mobile phone provider, bank etc). These messages usually direct you to a counterfeit website or ask you to divulge private information (password, PIN, credit card numbers, or other account updates), which is then used to commit identity theft.
A scheme originally established in 1944 to provide protection against sickness and unemployment as well as helping fund the National Health Service (NHS) and state benefits. NI contributions are compulsory and based on a person’s earnings above a certain threshold. There are several classes of NI, but which one an individual pays depends on whether they are employed, self-employed, unemployed or an employer. Payment of Class 1 contributions by employees gives them entitlement to the basic state pension, the additional state pension, jobseeker’s allowance, employment and support allowance, maternity allowance and bereavement benefits. From April 2016, to qualify for the full state pension, individuals will need 35 years’ of NI contributions.
Used by the holder to buy goods and services, credit cards also have a monthly or annual spending limit, which may be raised or lowered depending on the creditworthiness of the cardholder. But unlike charge cards, borrowers aren’t forced to pay the balance off in full every month and, as long as they make a stated minimum payment, can carry a balance from one month to the next, generating compound interest. As the issuing company is effectively giving you a short-term loan, most credit cards have variable and relatively high interest rates. Allowing the interest to compound for too long may result in dire financial straits.