Manitoba RCMP have become aware of a scam targeting Amazon subscribers and are warning the public to take extra precautions when using online services and purchases.
Police say that an order confirmation email arrives to the intended victim advising what was purchased, where the order will be sent, the total cost of the purchase, as well as a clickable button for order details. The common reaction is that the intended victim immediately identifies that they did not place this order – the mailing address is often incorrect as well – so they click on the order details button.
The screen that comes up is what appears to be the Amazon login page where you are asked for your email and password. However, if you look at the URL (the website address) in your navigation bar, you will see that this is most certainly not an Amazon page. If you login on this page, the individuals who sent you the email will have access to your Amazon login information and can then access your account, where credit card information is often stored, as well as personal identifiers, such as addresses and phone numbers.
If you receive such an email, do not provide your login information. The only time you should login to your accounts is when you have directly navigated to those login pages yourself and can confirm the URL. Report the email to the Canadian Anti-Fraud Centre either online or by phone. If you have logged into your account after receiving such an email, ensure you contact Amazon immediately. If your credit card information is stored in the account, contact your financial institution immediately to begin to take precautions to protect access to your credit card.
While many people find it convenient to shop online, especially during the holidays, it is important to be aware that everything is not always as it seems. Clues to watch out for that indicate an email is not what it appears:
- Link to a suspicious URL
- An unrecognizable email address from the sender (if you are on a mobile device, you will often have to actually click on the sender to see the entire email address come up)
- Spelling mistakes
- Odd spaces and dashes