Amazon: Scammers pose as Amazon support to steal your account

Amazon Phishing Scam Targets Customers with Fake Product Recall Emails

Cybercriminals are exploiting Amazon’s vast customer base, reportedly 310 million active users, by impersonating the retail giant in a wave of phishing attacks. The latest campaign uses a "product recall" lure, sending emails claiming a purchased item has a safety defect requiring immediate attention.

The fraudulent messages, spotted by The Mirror, read: “Dear Customer, we are writing to inform you of a product recall affecting an item from your March 2026 order due to a design defect that may pose a potential safety risk.” The emails are deliberately vague, increasing the likelihood that recipients will assume the notice applies to them. Links in the message redirect victims to fake Amazon login pages designed to steal credentials.

This tactic mirrors previous "spray and pray" phishing schemes, where scammers cast a wide net with generic but plausible messages. The holiday season saw a surge in Amazon account takeovers (ATOs), and this latest variation shows no signs of slowing.

Amazon customers who receive such emails are advised to avoid clicking links and instead verify messages through the official app or website. Legitimate communications from Amazon appear in the account’s Message Center. Those who fall victim should immediately change their passwords, enable two-factor authentication, and monitor financial accounts for unauthorized activity.

The scam has been reported in the UK, with similar tactics likely targeting users globally. Authorities recommend reporting phishing attempts to Amazon and forwarding suspicious texts or emails to designated spam-reporting channels.

Source: https://www.malwarebytes.com/blog/news/2026/04/scammers-pose-as-amazon-support-to-steal-your-account

Amazon cybersecurity rating report: https://www.rankiteo.com/company/amazon

{
"id": "AMA1775744757",
"linkid": "amazon",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'industry': 'Retail',
                        'location': 'Global (reported in UK)',
                        'name': 'Amazon',
                        'size': 'Large (310 million active users)',
                        'type': 'E-commerce'}],
 'attack_vector': 'Email',
 'customer_advisories': 'Amazon customers advised to verify messages through '
                        'the official app or website, avoid clicking links in '
                        'suspicious emails, change passwords, enable '
                        'two-factor authentication, and monitor financial '
                        'accounts for unauthorized activity.',
 'data_breach': {'sensitivity_of_data': 'High (Amazon account access)',
                 'type_of_data_compromised': 'Login credentials'},
 'description': 'Cybercriminals are exploiting Amazon’s vast customer base by '
                'impersonating the retail giant in a wave of phishing attacks. '
                "The latest campaign uses a 'product recall' lure, sending "
                'emails claiming a purchased item has a safety defect '
                'requiring immediate attention. The fraudulent messages '
                'redirect victims to fake Amazon login pages designed to steal '
                'credentials.',
 'impact': {'brand_reputation_impact': 'Potential damage due to impersonation',
            'data_compromised': 'Amazon login credentials',
            'identity_theft_risk': 'High'},
 'lessons_learned': 'Phishing campaigns continue to evolve with generic but '
                    'plausible lures, requiring heightened customer awareness '
                    'and verification of communications.',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Social engineering tactics '
                                           "exploiting trust in Amazon's brand "
                                           'and generic phishing lures.'},
 'recommendations': 'Avoid clicking links in unsolicited emails, verify '
                    'messages through official channels, enable two-factor '
                    'authentication, and report phishing attempts to Amazon '
                    'and authorities.',
 'references': [{'source': 'The Mirror'}],
 'response': {'communication_strategy': 'Advisories to verify messages through '
                                        'official app/website and report '
                                        'phishing attempts',
              'remediation_measures': 'Customers advised to change passwords, '
                                      'enable two-factor authentication, and '
                                      'monitor financial accounts'},
 'threat_actor': 'Cybercriminals',
 'title': 'Amazon Phishing Scam Targets Customers with Fake Product Recall '
          'Emails',
 'type': 'Phishing',
 'vulnerability_exploited': 'Social Engineering'}