Beware fake “place a hold” or “account locked” Amazon emails

ByCraig Haley

One frequent tactic employed by cyber-crooks is to send emails that appear to be from a legitimate company that tells the recipient that their account has been locked, “placed on hold” or suspended.

The email will urge the recipient to click a link embedded in the email to rectify the problem and to regain access to their account. However these links will redirect the recipient to scam websites. Amazon is often targeted by these types of phishing emails because of the popularity of Amazon and that so many people will have an Amazon account.

SCAM
Type of Scam: Phishing Email
Attack Type: Link to Phishing Website
Social Engineering Technique: Account has been locked/restricted.

The below example of this scam claims that amazon has “placed a hold on your Amazon account and all pending orders”.

The email below in turn claims the recipient’s account has been locked because “our services detected two unauthorized devices”.

Both emails have a link that the recipient can click to regain access to their account.

However these links do not lead to the Amazon website. They lead to imposter websites specifically crafted to look like the Amazon website. The imposter webpage asks the user to enter their username and password. And if the recipient enters this information, they will be unwittingly sending their login information to crooks.

This, of course, means the crooks will have access to the recipient’s Amazon account where they can make orders, steal personal information and commit identity fraud.


Sponsored Content. Continued below...




It’s a standard phishing scam and these can be avoided in a number of ways. Such tips to avoid phishing scams include –

  • Don’t click links in emails, messages or texts.
  • Always have good security software with anti-phishing features included. Our security software recommendations are here.
  • Always check the web address (URL) of a webpage before entering information into it to make sure you’re on the legitimate website and not a spoof site.
  • If possible, enabler two-factor-authentication on your account, meaning if crooks do steal your password, they still won’t be able to access your online account.

You can report phishing emails to Amazon directly by forwarding them to [email protected].

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)