Phishing scam – "Your order cannot be shipped"


General Finance

A common dilemma at this time of year is whether you should brave the shops or not. If you can't handle hunting for a car parking space, dodging the large crowds or the 'out of stock' signs, it might be best to do your Christmas shopping online.

Once you've placed your order, you’ll usually get a confirmation email from the seller. But not all are genuine – fraudsters are targeting customers with fake Amazon emails claiming that their order cannot be shipped.

To make sure you know how to spot this scam email, we're taking you through the details.

The scam

The email – sent to both Amazon members and non-members – claims that there's a problem processing your order and that you need to click on a link to confirm your account.

It also claims that you will not be able to access your Amazon account or place any orders until the company verifies your information. The link takes you to a fraudulent site that closely resembles the Amazon website.

The page asks you to sign in with your Amazon account email address and password. It then asks you to supply your personal and financial details such as your name, address and credit card details. If you provide this information, criminals will be able to log into your Amazon account. From here, they'll be able to make purchases in your name or fraudulent credit card transactions.

Fraudsters know that Amazon is incredibly popular at this time of year and that you're more likely to click on the email as a result. Even if you’ve not actually shopped with Amazon, you might click on it if you worry that someone's hacked your account.

The email is likely to reappear in the lead up to Christmas after first circulating around Black Friday and Cyber Monday – so watch out!

What to look out for

Firstly, Amazon will never ask you for sensitive information by email. They won’t ask you to send:

• your National Insurance Number,

• your bank account information, credit card number, PIN number, or credit card security code,

• your mother's maiden name or other information to identify you, or

• your Amazon password.

It's important to know how to spot a phishing email – as it's not only Amazon that fraudsters impersonate. You should watch out for the following warning signs.

• Look out for poor grammar or spelling in emails, as this can be a tell-tale sign of a phishing scam.

• Check the true sender of an email by clicking on the address bar. Be suspicious if the email is from a Hotmail or Gmail account and is posing as a well-known company.

• Never open attachments or links included in unsolicited emails. You can find the real destination of a hyperlink by using your mouse to hover over the link. The intended URL address will show up in the bottom left-hand corner of your screen.

• Make sure you have up-to-date antivirus and security updates installed onto your computer to help block viruses.

Using PayPal this Christmas? Make sure you know how to spot a scam PayPal email.

< Back to articles