Holiday season is primetime for fraud
Black Friday and Cyber Monday sales have become a major part of the shopping season on the con-artist calendar. A "new" twist seen this year is the use of email messaging to obtain Amazon account and credit card information. The message states that "your account has been accessed from a different device" and mentions "suspicious" activity, asking you to click a hot link — underlined text — "to Regain Access."
The link takes you to a browser page displaying the Amazon logo and looking remarkably like a normal Amazon sign in page requesting your Amazon log in email address and Amazon password. Clicking on the sign-in button opens a new web page which also looks quite legitimate requesting credit card information and a Social Security Number and is followed by another page to verify driver's license and other personal information. Once you have entered all of this information, the fraudulent web site actually deposits you on the "real" Amazon web site.
I note that this is a new twist because it is the first time I have seen this scam on an imposter web site for a commercial vendor. Similar attempts frequently use imposter bank or credit card email notices and bring into question the legitimacy of other email messages received from businesses.
One basic understanding - legitimate commercial enterprises are well aware of on-line security and do not send this type of message. If you receive one, the best first step is to examine the address of the sender. For Amazon, the address would be Amazon.com; an email from a credit card company address would be from an issuing bank such as citigroup.com or bankofamerica.com. Legitimate commercial web sites display the letters HTTPS or a padlock in the address line of a web page and display the name of the company such as https://Amazon.com.
A second step is to determine if there is any problem with your account. Contact the company that is the assumed source of the email by using a phone number or web site you know is correct. Use the phone number on the back side of a credit card or the one that appears in a commercial web site listed in an internet search or stored in your computer contacts. The third step is to report the scam.
Businesses such as Amazon and credit card companies want to know if there are imposter messages in circulation so report the incident to them. In addition, report the attempted scam to your State consumer protection agency: New York - (800) 771-7755 http://www.ag.ny.gov/bureau/consumer-frauds- bureau; Vermont - (802) 656-3183 https://www.uvm.edu/consumer/
Elliott Greenblott is a retired educator who serves as the Vermont AARP Fraud
Watch Network Coordinator.
TALK TO US
If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.