Phishing scams are nothing new, but that doesn’t mean they should be taken for granted. It’s not necessarily the complexity of the scam that will catch you out, it could be the timing of it.
Here’s how I was caught out by the latest phishing scam.
I do a lot of writing on fraud and cyber security, and consider myself to be pretty clue-up when it comes to phishing attacks. But then I got caught out by one and I still can’t quite believe it.
What’s the Amazon phishing scam?
The latest in a long line of phishing scams sees fraudsters sending an email that says it’s from the manager of your workplace. They’re in a meeting with clients and have an urgent task for you.
They then ask for your phone number so they can explain in more detail.
Once they have your number, the scammers send you a message on WhatsApp outlining how they urgently need £500 worth of Amazon vouchers to give to clients, and ask if this is something you can help with.
Once you have the vouchers, they ask you to send photos of the vouchers numbers and reciepts.
And once that’s been completed, you’ve been scammed out of £500.
It sounds pretty basic and not something that anyone in their right mind would fall for. So how did I fall for it?
It was all in the timing.
How to fall for a phishing scam
Fraudsters send out phishing emails on an industrial scale, and I receive as many as anyone – usually to my personal email accounts and usually not very well targeted.
But although it was pretty basic, there were a couple of things about this one that all combined to catch me off guard.
The first was that it was sent to my professional email address, which I assumed would have been secure to this type of email (as an aside, the email security appears to have been stepped up since this email got through).
The next was the timing – it was a very busy Monday morning, and I had my head in any number of tasks, so to get an email of such urgency from the CEO caught me well off guard. It being from the CEO also meant it had enough authority for me to take notice, without me having the confidence to call and question them.
Then there was the email itself – sent from their phone with none of the usual spelling mistakes associated with these emails. Even the address is came from – conferencemeeting41@gmail.com – could have looked legitimate in the circumstances, although I was so caught off guard that I never checked the sender’s address – this should always be the first thing you check!
And although the request itself was quite strange, I justified its authenticity in my head as I am one of the few people in the business who works remotely all of the time, and so might have been best placed to carry out this task.
In short, it was the perfect storm and it caught me out perfectly. Thankfully, I realised in time to get the vouchers cancelled and a refund from Amazon.
Here’s what to do if you get caught out.
What to do if you get caught out by a phishing scam
If you do get caught out by this or a similar Amazon vouchers scam, the first thing you need to do is get in touch with Amazon to report it and have the vouchers cancelled. You can get in touch with Amazon’s fraud team by going to https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=GRGRY7AQ3LMPXVCV
I was fortunate enough to have realised in time to have the vouchers cancelled before they had been spent, and so was able to get a refund from Amazon.
It’s also worth getting in touch with your bank or credit card company, to explain that the spending on your card was done fraudulently – although, in this case there’s nothing they can do as you have physically bought the vouchers yourself, which means it’s not covered as part of their fraud policy.
How to avoid Amazon payment scams
Amazon issues the following advice on avoiding online payment scams:
- Don’t send money (by cash, wire transfer, Western Union, PayPal, MoneyGram or other means) to a seller who claims that Amazon will guarantee the transaction, refund your funds if you’re not satisfied with the purchase or hold your funds in escrow.
- Don’t make a payment to claim lottery or prize winnings, or on a promise of receiving a large amount of money.
- Don’t make a payment because you’re guaranteed a credit card or loan.
- Don’t respond to an internet or phone offer that you’re not sure is honest.
- Don’t make a payment to someone that you don’t know or whose identity you can’t verify.
- Don’t respond to emails that ask you to provide account information, such as your email address and password combination. Amazon will never ask you for personal information. To learn more, see Identifying whether an email is from Amazon.
For more tips, check out our blog: What is phishing? And how can you avoid it?
Have you been the victim of a phishing scam? Share your cautionary tale with our community in the comments section below.