Don’t be fooled during back-to-school: These are the Amazon scams currently targeting students that you need to watch out for
Prime membership scares, ‘canceled’ Amazon accounts and more
Back-to-school season has been in full swing for some time now, complete with the usual array of serious bargains to be had in the sales, as you’ve doubtless noticed. But while it’s a great time to be hunting out, say, a new laptop with a hefty discount, students about to go back to college or university should be keenly aware that they are being hunted, too – in a way.
Apologies for the ominous phrasing, but the reality is that cybercriminals are busy laying traps for students. As a new report makes clear, Amazon isn’t just about scoring laptop deals at this time of year, but there are also scams related to the online retail giant which you should be aware of.
Three different scams commonly used to target students are brought to our attention by Franz Ostendorff, author and editor at Casinorevisor.com. These are Prime membership scams, account suspension/deletion stings, and Amazon text scams, so let’s look at them in turn (before adding a recently uncovered scam of our own later).
Prime mover
Attempted swindles based on Prime memberships is a newer take on Amazon-related fraud, and as you might expect, these appear as messages (email, text) or maybe even calls that draw your attention to some kind of ‘problem’ with your membership, typically that the subscription has expired. They will inevitably try to extract payment information from you, such as bank or card details.
If you receive an unexpected notification about your Prime membership, don’t ever use any of the links provided in the message. Go directly to your Amazon account in your browser, and check your Prime subscription details there if you need to soothe any fears that maybe your membership has indeed expired as claimed. (To do this, go to the Amazon website, click on Account & Lists, and under the Your Account column, click on Your Prime Membership – at the top, you can see your renewal date and official subscription status).
The same is true for any message that you receive from Amazon or another company or service, incidentally, in terms of not using the links embedded in them. Always go directly to the company site and log in there to check any details such as your account status, whether that’s for Prime, or anything else.
The second scam Ostendorff warns about is the account suspension trick, whereby you’ll get a message informing you that your Amazon account is going to be suspended or closed if you don’t take some action. Generally, you’ll get a link to ‘verify your account’ that’ll take you to a malicious website (possibly a fake Amazon lookalike), and this will try to con you into revealing account details (or maybe payment details, or indeed both).
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Again, never use that link, even if it looks genuine. As with the Prime scam, go direct to the Amazon site and check your account for anything amiss there – or message Amazon directly to see if there really is a problem relating to a possible account suspension.
In this case – and other instances of these kinds of messages – be especially wary if the content of the email or text is urging you to do something quickly to avoid some nasty fate like your account being deleted (forever and ever, into eternity – well, you get the idea). Anything trying to rush or panic you is a big red flag for a scam – the malicious party behind the trick is attempting to ensure that you don’t think before you click, and of course, that’s always something you should do.
Check and double check – stay vigilant online
Finally, coming to the Amazon text scam, this is a typical text message sent to your phone, again which often tries to extract login details or other precious information.
In this case, Ostendorff advises: “Amazon will never ask you to disclose your password or verify sensitive personal information over the phone or on any website other than at Amazon.com [or your regional Amazon site].
“Therefore, it is important that you do not click on any links or provide your information to anyone over the phone without authenticating the email or phone call – no matter how legitimate they may sound.
“If you aren’t sure about the status of your account, go directly to Amazon.com [or your regional Amazon site] or on the app to view your account details. The Message Center will display a log of communications sent from Amazon officially.”
Ostendorff also cautions you about general good security practices, which should be par for the course any time you’re online. This means running one of the best antivirus apps for protection, and secondary lines of defense too, such as ensuring that your email has phishing protection on, and your browser may have useful security features too. For example, there’s Microsoft’s SmartScreen in its Edge browser, which you’ll find in Settings > Privacy, search, and services, in the Security section. Or there’s Google Chrome’s Safe Browsing, which is in Settings > Privacy and security > Security (you can also install SmartScreen as an extension in Chrome, by the way).
Exercising typical vigilance around any links or messages, as we’ve already discussed, is also paramount – as is ensuring that your Windows installation (or macOS, or Linux) has all the latest updates applied. Furthermore, make sure that your apps and system trimmings like graphics drivers are kept up-to-date too, as there can potentially be security holes in these otherwise.
Don’t let scammers Captcha your flag
In closing, we’d like to add another warning of a scam that’s a bit more out of left-field which came to our attention recently, and that’s a false Captcha warning in Google’s Chrome browser. You’re doubtless familiar with Captchas popping up on some websites, asking you to tick a box to verify you’re human and not a bot (or you might have to solve a little puzzle, even – usually quite an annoying little puzzle).
There’s a relatively new(ish) piece of deception whereby a website can pop up a pretend Captcha warning which is actually a dialog box to allow the site to send you notifications. Essentially, it’s cleverly disguised as a simple Captcha test – or sometimes not very cleverly disguised – but if you click to ‘verify that you’re human’ what actually happens is that you add the site to Chrome’s permitted list for notifications.
What does that mean in practical terms? The site will immediately start sending you (or spamming you, probably) Windows notifications, badged as from Chrome (which they are), telling you something alarming, typically that you’ve got a virus. And the usual rush job will doubtless be in evidence: “Click here NOW to clean your system with antivirus or your PC will melt.” Clicking is, of course, what you should absolutely not do.
In fact, these pop-ups are harmless unless you click on them. If you happen to be in a situation where you’re spammed by such notifications, just close Chrome – that will stop the notifications coming through. Then you need to go offline, and reopen Chrome – because if you’re offline, the site won’t be able to send these notifications and spam you while you go about applying the remedy.
That remedy is to go into Chrome’s Settings, and head to Privacy and security > Site settings, and under ‘Recent activity’ you’ll see the site that delivered the Captcha pop-up is allowed to send notifications. All you need to do is block that site, and that’s the problem fixed – you won’t see these pop-ups again. As long as you didn’t click on one of the malicious notifications, you’ll be fine – but it’s always a good idea to run a full scan with your antivirus, just to be on the safe side, after any kind of incident like this. You can never be too safe, or secure, when it comes to your online life, after all.
When armed with the correct approach and sense of vigilance, you can happily shop for back-to-school bargains without worrying about an Amazon scam – or anything else – catching you off-guard and ruining your day.
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).