Translate this page to any language by choosing a language in the box below.

Phishing and Vishing Identity Theft Scams
The Amazon "Online payment Successfully" Scam

"All you need is your email address and Amazon password"
Call: 866-968-1109

You may have received a phone call about the same subject. It is an attempt to get you to enter confidential information (typically a social security number, name, address, bank account information, etc., to allow the scammers to steal your identity and open credit cards in your name.

This email was not sent by Amazon; This is referred to as spoofing (making a fake email that looks legitimate, "phishing" (when by email) or "vishing" (when by telephone). If you receive an email similar to the one below, DO NOT call them and do not click on the link, and do not enter any information on the forms there.

The phone number (and sometimes a  website) that the email directs you to is a spoof; does not below to Amazon. It goes to the scammer  or other websites (they constantly hack and change destinations), not Amazon Online payment Successfully! When you enter the information they ask for, you will simply be handing the thieves the keys to your bank accounts.  That is how spoofing, phishing and vishing works.

Remember, no reputable business would send you an email or a phone call requesting your personal account information. AMZON will never EVER phone you and ask for your password or email address.  Think about it: they already know them! Any such email you receive asking for this information should be considered phony and brought to the attention of the business being 'phished'.

We have highlighted in yellow some of the obvious signs that this is a scam;  an email address (gmail.com) that does not match the company (Amazon); a phone number that does not belong to Amazon and a demand that you act almost immediately (with 24 hours) or lose your Rights.

Below are actual phishing emails that started circulating in 2021

 From: Jack Wells [mailto:amazon.confirmation443@gmail.com]
Sent: Wednesday, May 5, 2021 7:41 AM
To: your email address
Subject: Online payment Successfully

 

Ease of online payments.
It's simple and quick. There's no need to enter
your card number every time you make a purchase
online. All you need is your email address and
Amazon password.

 

Dear User,

 

Thankyou for making online payment.

Your Order is In under Review.
You are received this e-mail because you registered with this email while purchase.

Order Summary    
Item(s) Subtotal:          649.999 USD
Shipping :                 0.00    USD
Total before tax :         0.00    USD
Grand Total :              649.999 USD

Payment Mode: Card attached with amazon account.
Purchase : Apple iphone xr 64 GB.

Payment Status : On-hold

 

You have 24 Hours to cancel please reach us.
If you didn't authorized this transaction
Call us now at :- +1 866-968-1109.

 
NOTE: - THIS IS SYSTEM GENERATED EMAIL ANY REPLY TO THIS EMAIL WILL NOT CANCEL YOUR ORDER. PLEASE REACH US TO CANCEL.

 
Kind Regards,
Manager-customer support

 

Phone -           +1 866-968-1109
Mon-Sat   :       10:00 AM - 04:00 PM (EST)
Sunday Closed

Issues with this transaction?
You have 24 hours from the date of the transaction to open a dispute.
For assistance Call +1 866-968-1109

 

Report the scam to Amazon

To report a scam email to Amazon, submit a scam report to Amazon.

You may also forward phishing emails and other suspected forgeries directly to Amazon at stop-spoofing@amazon.com.

Amazon also has the following direct links for specific situations based on how you have responded to email.

• I have not shared any information
• I have shared Amazon account information
• I have shared Banking information
• I have given remote access to my computer/devices
• I have shared other information

Report unsolicited packages received

• Unsolicited package received

Report Gift Card Fraud/Abuse

• Common Gift Card Scams

 

What is Phishing?

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.

Learn More About Phishing

The following documents and websites can help you learn more about phishing and how to protect yourself against phishing attacks.

• Avoiding Social Engineering and Phishing Attacks
• Protecting Your Privacy
• Understanding Web Site Certificates
• Anti-Phishing Working Group (APWG)
• Federal Trade Commission, Identity Theft
• Recognizing and Avoiding Email Scams

Methods of Reporting Phishing Email to US-CERT

• In Outlook Express, you can create a new message and drag and drop the phishing email into the new message. Address the message to phishing-report@us-cert.gov  and send it.
• In Outlook Express you can also open the email message^* and select File > Properties > Details. The email headers will appear. You can copy these as you normally copy text and include it in a new message tophishing-report@us-cert.gov .
• If you cannot forward the email message, at a minimum, please send the URL of the phishing website.
  

* If the suspicious mail in question includes a file attachment, it is safer to simply highlight the message and forward it. Some configurations, especially in Windows environments, may allow the execution of arbitrary code upon opening and viewing a malicious email message.

For more information about phishing, see this page.

Recommendations- What to do:

• DO NOT call the number.
• DO NOT click on any links in the email.
• Report the scam to Amazon Here's how:
  Open a new email and attach the email you suspect is fake.
  For suspicious webpages, copy & paste the link into the email body.
  If you can't send the email as an attachment, forward it.
  Send the email to stop-spoofing@amazon.com
  Note: Sending the suspicious email as an attachment is the best way for us to track it.
  Note: Amazon can't respond personally when you report a suspicious correspondence to stop-spoofing@amazon.com, but you may receive an automatic confirmation. If you have security concerns about your account, please contact us.
• Aside from the above, JUST ignore the email. It is, without any doubt, a scam, if it looks ANYTHING like the one about.
• Only open email or IM attachments that come from a trusted source and that are expected
• Look at the email address, is the domain Amazon.com?  Amzon employees would NEVER use a gmail, yahoo or other email account other than Amazon.com
• The phone number: make sure the number they provide matches the number on Amazon's website or on the back of your credit or debit card if it is issued by Amazon.
• Use an anti-virus/anti-spam package (we recommend Norton 360 or Norton Internet Security scan all attachments prior to opening. Click here to see Norton 360 prices, reviews, ordering, etc. .
• Delete the messages without opening any attachments
• Do not click on links in emails that come from people you do not know and trust, even if it looks like it comes from a company you know.
• Keep your anti-virus software up to date
• Keep your operating system up to date with current security patches. Click here for an article that describes how to do this.

And please let us know about any suspicious calls or emails you receive.  We look for patterns so that we can alert the authorities and victims to new scams, before it is too late!

 

 

---

 

For a comprehensive list of national and international agencies to report scams, see this page.