Action Fraud, the UK’s fraud reporting centre, has warned of a widespread phone scam targeting Amazon customers. The phone calls are automated and inform recipients that their Amazon account has been hacked. Victims are asked to press “1” to be connected with a human. That person then uses social engineering (that is, works to persuade them) to convince the victim to install remote access software on their computer. Once installed, that software allows the attackers to steal financial information. The Mirror says one victim lost £25,000 to this scam.
If you receive a phone call like this and are unsure of its legitimacy, Action Fraud says you should hang up and call Amazon using the customer service line on its website. The Mirror quotes Pauline Smith, the head of Action Fraud, as saying you should always be suspicious of these types of calls, which is good advice at any time.
“Unsolicited requests to remote access your computer should always raise a red flag,” Smith said. “It’s easy to feel embarrassed when faced with unexpected or complex conversations but it’s okay to stop the discussion if you do not feel in control of it. If you’ve received an unexpected phone call, or other communication, stop and take a minute to think about whether an organisation would get in touch with you out of the blue in this way. Instead, contact them directly using a known email or phone number.”
Amazon echoed this advice in a statement, emphasising that it won’t ask for personal information over the phone.
“If you receive a suspicious phone call, email or text message claiming to be from Amazon, asking for payment, personal information or offering a refund you do not expect, please do not share any personal information, and disconnect any phone call immediately,” the company said. “Please also note that Amazon will never ask for your personal information, or ask you to make a payment outside of our website. If you received an e-mail regarding an order or Prime membership, or anything that you don’t recognise, please forward the e-mail to firstname.lastname@example.org and then delete it. Do not click on any links in such emails.”
These types of scams are very common, but they’re easy to recognise once you know what to look for. Unfortunately, many people are still unaware of these tactics, and fraudsters will continue churning them out as long as people fall for them. New-school security awareness training can teach your employees how to spot phishing techniques.