Beware fake “place a hold” or “account locked” Amazon emails

ByCraig Haley

One frequent tactic employed by cyber-crooks is to send emails that appear to be from a legitimate company that tells the recipient that their account has been locked, “placed on hold” or suspended.

The email will urge the recipient to click a link embedded in the email to rectify the problem and to regain access to their account. However these links will redirect the recipient to scam websites. Amazon is often targeted by these types of phishing emails because of the popularity of Amazon and that so many people will have an Amazon account.

SCAM
Type of Scam: Phishing Email
Attack Type: Link to Phishing Website
Social Engineering Technique: Account has been locked/restricted.

The below example of this scam claims that amazon has “placed a hold on your Amazon account and all pending orders”.

The email below in turn claims the recipient’s account has been locked because “our services detected two unauthorized devices”.

Both emails have a link that the recipient can click to regain access to their account.

However these links do not lead to the Amazon website. They lead to imposter websites specifically crafted to look like the Amazon website. The imposter webpage asks the user to enter their username and password. And if the recipient enters this information, they will be unwittingly sending their login information to crooks.

This, of course, means the crooks will have access to the recipient’s Amazon account where they can make orders, steal personal information and commit identity fraud.


Sponsored Content. Continued below...




It’s a standard phishing scam and these can be avoided in a number of ways. Such tips to avoid phishing scams include –

  • Don’t click links in emails, messages or texts.
  • Always have good security software with anti-phishing features included. Our security software recommendations are here.
  • Always check the web address (URL) of a webpage before entering information into it to make sure you’re on the legitimate website and not a spoof site.
  • If possible, enabler two-factor-authentication on your account, meaning if crooks do steal your password, they still won’t be able to access your online account.

You can report phishing emails to Amazon directly by forwarding them to stop-spoofing@amazon.com.