Check your account now.
Getty Images
Amazon users are being warned that accounts are under attack from “scammers pretending to be Amazon again.” Even America’s FTC has stepped in to tell customers how to avoid this new fake refund campaign that steals account passwords. It is critical you now upgrade the security on your account, as millions have already done.
These text messages include a link to a malicious sign-in page that will trick you into entering your user name and password. This then allows an attacker to log into your account, to change your details, buy products, and ultimately steal your money.
You must never click links in any text messages — especially not those that open sign-in pages. And that warning extends beyond texts. Never log into any of your accounts through a link sent to you, even if it seems to come from a legitimate organization.
There’s a better way to stay safe. You can upgrade the security on your Amazon account to stop attackers stealing your security credentials. You need to add a passkey now.
Amazon tells me “more than 320 million Amazon customers are now using passkeys to experience the convenience of passwordless sign-in on Amazon.com,” and the company is “committed to expanding their availability across more apps and services.”
Under Login $ Security under your Amazon account settings, there is a section where you can check if there’s a passkey on your account and add one if not. This links your account access to the security of your own device, for example the biometrics or PIN on your phone. If an attacker doesn’t have your device, they can’t use your passkey.
You should also select a form of two-step verification (2SV) that’s not SMS based, given how vulnerable SMS messages are to socially engineered attacks. An authenticator app is fine. You must still never share passcodes with anyone, even from an app.
Using passkeys and authenticator apps stops attackers will only stop attackers accessing your account if you never share passcodes and always use your passkey to login. Even if you were to mistakenly add a password to a fake sign-in page, your account is still safe.
“We encourage customers to use two-step verification and Passkeys to help protect their accounts,” Amazon told me, pointing to their sign-up instructions here. That advisory is less than a year old, and reports only 175 million passkey users — that means passkey has almost doubled in those 12-months. That’s a major shift.
As text scams surge, with attackers looking for vulnerable accounts, don’t leave yours exposed. Even if you’re now aware of the latest refund scam, the lure will change and the next one might catch you out. Upgrade your account security now.
This post was created with our nice and easy submission form. Create your post!
