How do I report phishing emails to Amazon?

Amazon takes phishing emails and attempts to steal customer information very seriously. If you receive an email that looks like it came from Amazon but you think may be a phishing attempt, it’s important to report it to help protect yourself and others.

What are phishing emails?

Phishing emails are fraudulent emails designed to steal your personal information. They often look like they are from a legitimate company like Amazon, but are actually from scammers.

These emails may:

• Ask you to click on a fake link that takes you to a fraudulent website
• Ask you to download an infected attachment
• Request sensitive information like your username, password, or credit card details

Phishing emails often have a sense of urgency, threatening your account if you don’t act. They prey on fear to get you to click without thinking first. Always be wary of unsolicited emails asking for your personal or financial information.

How to recognize phishing emails

Phishing emails can be tricky to spot, but there are some red flags to watch out for:

• Generic greetings like “Dear customer” instead of your name
• Suspicious links that don’t match the actual Amazon website URL
• Spelling and grammatical errors
• Threats to close your account or take urgent action
• Requests for sensitive personal information
• Attachments from an unknown sender

Even if an email looks legitimate, be cautious about clicking any links or downloading attachments. When in doubt, go directly to the Amazon website by typing the URL into your browser.

How to report a phishing email

If you receive an email you think is a phishing attempt:

1. Do not click any links, open attachments, or reply
2. Forward the suspicious email to [email protected]
3. Delete the email immediately

Amazon’s stop-spoofing email address allows you to forward suspicious emails for investigation. Sending the phishing attempt to this address alerts Amazon security to block the malicious sender.

You can also report phishing emails directly from your Amazon account:

1. Login to your Amazon account
2. Go to Your Account > Login & Security
3. Under “Sign-in and security,” select “Suspicious activity”
4. Click “Report suspicious email”
5. Enter the full email header information and submit

The header information helps Amazon track down the source of the phishing attempt. Do not click Reply or Forward from your email provider, as this can reveal your email address to scammers. Instead, copy and paste the full header into Amazon’s report form.

What happens after you report a phishing email?

Once reported, Amazon investigates the phishing attempt and takes steps to protect customers, including:

• Blocking the malicious sender from contacting Amazon customers
• Monitoring and taking down fraudulent websites or accounts
• Enhancing security systems to identify new phishing schemes
• Collaborating with other companies and anti-phishing groups
• Working with law enforcement to prosecute scammers

Amazon does not provide individual updates on each report. But your help identifying and reporting phishing scams assists Amazon in keeping its systems and customers protected.

Tips to avoid phishing scams

Here are some tips to protect yourself from phishing emails and scams:

• Never provide sensitive personal or financial information in an email
• Verify the sender email address matches the official Amazon domain
• Check for spelling and grammatical mistakes
• Hover over links to preview the URL before clicking
• Enable two-factor authentication on your Amazon account
• Watch out for time-limited offers or threats to close your account
• Report any suspicious emails instead of engaging

Amazon will never ask for your password, credit card information, or any other sensitive data by email. If you need to provide financial information, go directly to the Amazon website and log in.

How to identify official Amazon emails

Amazon sends various notifications and emails to customers. To identify legitimate Amazon emails:

• The sender address ends in @amazon.com, @marketplace.amazon.com, @amazon.co.uk, etc.
• There are no spelling or grammatical errors
• Your name or account username is in the greeting
• The email provides helpful information or content relevant to you
• Any links go to the official Amazon website URL
• There are no threats or requests for sensitive information

Amazon email communications may include order confirmations, shipping updates, customer surveys, account notices, Prime membership reminders, and more. These are normal business communications.

Beware of emails from Amazon addresses that don’t match the official domain naming conventions. Even a slight misspelling like using “xml” instead of “xrn” can indicate a phishing attempt.

Protecting your Amazon account

In addition to being cautious about phishing scams, you should take measures to actively protect your Amazon account:

• Use a strong, unique password
• Enable two-step verification for logins
• Check your account order history periodically for any suspicious purchases
• Beware of phone calls asking for account information – Amazon does not make unsolicited calls
• Close your browser when finished shopping on Amazon
• Monitor your linked bank statements and credit cards for unusual activity

Activating login approvals will prompt you to enter a secure one-time code sent to your phone anytime an unrecognized device attempts to access your Amazon account. This provides an extra layer of security on top of your password.

If you ever suspect your account has been compromised, change your password immediately and report unauthorized charges. Enabling two-factor authentication can also help secure your account if your password is stolen.

What to do if you provided personal information

If you mistakenly provided sensitive information in response to a phishing email, take these steps right away:

1. Change your Amazon account password – do not reuse old passwords
2. Remove any payment methods stored on your Amazon account to prevent fraudulent charges
3. Contact your bank or credit card company if you provided financial account numbers
4. Monitor your financial statements closely for any suspicious activity
5. Enable two-factor authentication on your Amazon account
6. Run antivirus software to check for any malware installed from attachments or links

Updating your login credentials prevents scammers from accessing your account with stolen information. Notifying your bank can help block fraudulent use of your financial data. Remain vigilant and continue checking your Amazon account regularly for any signs of misuse.

Reporting scams to other organizations

In addition to reporting to Amazon, you may want to notify other organizations about phishing scams:

• IRS: Report IRS and tax-related phishing scams at https://www.irs.gov/privacy-disclosure/report-phishing
• Social media sites: Report phishing posts or accounts through the site’s reporting process
• Better Business Bureau: File a scam report at https://www.bbb.org/scamtracker/us
• Federal Trade Commission: Submit phishing email details at https://reportfraud.ftc.gov/
• AARP Fraud Watch Network: Report scams against older Americans at 877-908-3360
• State attorney general: Look up contact information for your state AG office

By reporting to these organizations, you can help get fraudulent domains shut down, warn other potential victims, and assist investigations into larger phishing operations. The more people who report scams, the less opportunity scammers have to keep profiting from their schemes.

Educating yourself about phishing

Ongoing education is one of the best defenses against phishing. Learn to recognize the signs of malicious emails so you can identify scams more quickly. Some useful resources include:

• FTC consumer information: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
• Microsoft Safety & Security Center: https://www.microsoft.com/en-us/safety/online-privacy/phish-avoid-scams.aspx
• Amazon Security Center: https://www.amazon.com/gp/help/customer/display.html?nodeId=201489210
• Anti-Phishing Working Group: https://apwg.org/resources/how-to-report-phishing/
• AARP Fraud Watch Network: https://www.aarp.org/money/scams-fraud/

The more you learn about common phishing tactics, the less likely you’ll be fooled. Stay vigilant and trust your instincts – if an email looks suspicious, report it.

Conclusion

Phishing scams can seem authentic, but with attention to detail, you can identify fraudulent emails that attempt to steal your personal information. If you receive any communication claiming to be from Amazon that looks suspicious, report it immediately.

By forwarding phishing emails to [email protected] or filing a report through your Amazon account, you can help strengthen security and prevent financial loss. Protect yourself further by using strong account passwords, enabling two-factor authentication, and monitoring your financial statements.

Stay alert, watch for red flags, and think twice before providing sensitive data by email. With caution and awareness, you can safely navigate the convenience of online shopping and services.