Joseph Steinberg recently got an email that appeared to be from Amazon, thanking him for making a purchase on Prime Day.
The email promised him a $50 bonus if he would click a link and post a review about the item. Steinburg, who is CEO of SecureMySocial, a firm that watches out for problematic posts, didn't bite. Writing in Inc. Magazine, he said he recognized it as one of the countless phishing schemes using Amazon's name and logo.
But many others might easily fall for it. If you had not made a Prime Day purchase you might be highly suspicious, but if you did make a purchase -- and millions of consumers did -- you might throw caution to the wind and go for the 50 bucks.
How to protect yourself
So if you are an Amazon customer, how do you protect yourself from all the scams that try to take advantage of that relationship. Amazon gets asked that question a lot, and has a page on its website that explains how to protect yourself.
For example, if you get an email about an order you didn't place, it's not from Amazon. The company would like you to send the email as an attachment to firstname.lastname@example.org. Make sure you don't open any attachments or click on any links in the email.
Amazon says other scams use a variety of reasons to ask for your user name and password. Should you turn that information over to a scammer, they can buy all kinds of merchandise on your account, charging it to the credit card you have on file.
Other scams will tell you that it's necessary to update your payment information. By directing you to a spoofed site, made to look like it's part of Amazon, the scammer can steal your credit card information.
Black market websites
There are black market sites on the web where scammers can then sell your user name and password, or your credit card info, for a small amount, such as $50 to $100. The purchaser can then use it to make a major purchase -- maybe more than one -- before the fraud is detected.
If you receive a suspicious email that you think could be from Amazon, there is a very simple way to tell if it is. Simply close the email and use your browser to go directly to Amazon.com.
If the email says you need to update your payment information, click on YourAccount and then Manage Payment options. If you really do need to update your payment information, the website will have that information.
There are other dead giveaways as well. Phishing emails sometimes are filled with typos and misspellings. In a legitimate link, the URL should start with https://www.amazon.com, followed by the code for the particular page on the Amazon site. If you don't see that in the link, then it's not a real Amazon webpage.