Artificial intelligence (AI) has drastically changed the phishing and scamming game, making websites look more realistic and texts more convincing. But ConsumerAffairs researchers have uncovered a telltale mistake that scammers are making and it may help consumers know how they can further detect the nuances of these scams.
The scam often begins with a text from what appears to be Amazon and looks like this:
A careful eye would tell you instantly that there’s a mistake here that instantly says this is a scam. Can you spot it?
It’s the “O” in “Amazon.” It’s actually a zero – “0” – instead of an “O.” But, many people would gloss over something so insignificant.
There’s also the link. It looks like one of the shortened “Bitly” links that many companies use because those links can help companies track customer engagement. Another thing to easily gloss over.
Typically, researchers suggest verifying links with "safe browsing" or "malicious site" checkers. However, these scammers were smart enough to build a link that even Google's Safe Browsing tool said was "no unsafe content found."
Where the scammers' wheels came off
In all honesty, the ConsumerAffairs researchers were 99% sure that this was a scam text, but they wanted to go further and see what the scammers were up to and if there was anything we could do to help our readers stay safe from situations like this.
In fact, there is. Follow along…
When the text was clicked on, it took us to this normal-looking Amazon page where – if we did what the sammers were asking us to do – we would fill in our Amazon account information. It’s there on that page where the scammers left themselves vulnerable.
You can’t click on anything in that graphic because it’s a static image, but the researchers wanted to see what would happen if they clicked on those links for “Privacy Policy,” “Conditions of Use,” etc. And guess what? NONE were clickable. They went absolutely nowhere and the scammers had royally shot themselves in the foot.
And it happened with the Post Office, too!
Shortly after we received the “Amazon Prime” text, here came another one from the U.S. Postal Service about a package delivery. Again, the researchers knew this was a scam, but wanted to see what was behind the curtain so we could inform our readers.
In order, the clicks led to these “postal service” pages where the scammer's goal was to get a credit card number:
Here – just like with Amazon – the scammers failed to build in actual clickable links. If you tried to click on any of the links, they went nowhere fast.
The lessons to be learned
The unwritten lesson here is that you should never click on a link sent in a text. Rather, you should call the company and speak directly to them.
However, we all make mistakes and tend to blitz through texts and click on things without thinking. If you ever fail to abide by the “don’t you dare click on that link” rule and get to what appears to be a real website, remember to try and click on the sub-links to things like “Privacy Policy.” If they don’t work, get off that site immediately.
IMPORTANT NOTE: It’s possible that at some point, the scammers will figure out their mistake and try to rectify the situation, but for now, that’s your best move.
What Amazon wants you to know and do
Amazon doesn’t like this kind of nonsense, but scammers don’t care. Amazon is the second most impersonated organization, having to sweat it out with over a billion phishing emails sent every single day.
A spokesperson for Amazon told ConsumerAffairs that your ace in the hole in keeping yourself safe is this:
“To find out if a message is really from Amazon, visit the Message Center under ‘Your Account.’ Legitimate messages from Amazon will appear there as the Message Center displays a log of authentic communications sent from Amazon,” the spokesperson suggested.
Amazon also added that you can also report suspicious communication to the company at amazon.com/reportascam and that it might be smart to read up on how you can further identify and avoid impersonation scams: