New Holiday Scam Targets Amazon Prime Users with Fake Invoices

A new phishing campaign uses legitimate-looking PDF receipts to trick subscribers into calling fake support lines

A new scam hitting inboxes right now uses convincing emails designed to look like they come from Amazon Prime Video, claiming to show information about the victim’s streaming subscription renewal.

AppleInsider reports one of its team members has seen fraudulent Amazon billing notices appear in their inbox. The email includes an attached PDF invoice that contains language designed to alarm the target and prompt them to call a “renewal hotline” that’s almost certainly run by scammers.

At first glance, the messages appear to be legitimate and coming from Amazon’s billing system, complete with a PDF that looks like an official receipt. The document includes a fabricated order ID and invoice number showing a renewal charge that the recipient never authorized.

The scam email urges recipients to call within a very short window if they have not approved the payment. The email includes a phone number that connects the targeted victim to scammers’ “support staff.”

Some versions of the email ask users to “Review & Sign” a subscription agreement and include a faux Prime Video receipt as an attached PDF, which appears to come from Signaturely, a legitimate electronic signature service.

The fraudulent document uses an email address that is not the recipient’s and a domain that is not owned by Amazon.

While the document superficially appears to be a genuine Amazon receipt, cracks appear under scrutiny. A close examination reveals that the billing notices come from random domains, not a single domain owned by Amazon. The retail and streaming giant would also never instruct customers to call a phone number to resolve a billing issue, nor would it ask users to confirm billing activity by involving Signaturely or an external signature service.

As noted by Mactrast, these scams exploit the trust consumers place in large companies like Amazon, Apple, or other well-known corporations.

Scammer activity like this tends to increase during the hectic holiday season, as bad actors count on victims to accept scam communications as part of the genuine order and delivery update process. By instilling a false sense of urgency, the scammers hope to cause victims to panic and not clearly think things through before taking action.

What Does Amazon Say?

For its part, Amazon warns its customers to ignore emails or text messages demanding any immediate action or requesting that they call a phone number listed in the email to verify account or billing information. Never call a number, click a link, or open an attachment in an email or text message. Instead, contact the company only via the support phone numbers and links listed on the genuine Amazon website, or, even better, in the Amazon app.

Genuine order confirmations will only appear in the “Your Orders” page on the Amazon website or in the merchant’s app. This is good advice for dealing with any supposed communication from online merchants or services.

Report any suspicious “Amazon” emails you may receive at: stop-spoofing@amazon.com. Customers are also urged to enable two-factor authentication on their accounts to provide an additional layer of security.

For more advice and information about current scams, check out Amazon’s security help page.

What to Keep an Eye Out For

Be immediately suspicious of any email that attempts to create a false sense of urgency to spur you into action. Emails from bad actors will often include “invoices” as PDF attachments that show outrageously large subscription renewal amounts and are worded to make you think your financial world is coming down around you and that it can only be resolved by calling a fake support phone number immediately!

Check the sender’s email address for unfamiliar domains or slight misspellings designed to deceive you. Do not open any attachments or click any links in an email or text message. Instead, only contact Amazon or any other company via their legitimate website or app, or by calling a known-good phone number listed on their website or in their app.
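For mail administrators, the warning signs above (brand name with a non-Amazon sender domain, PDF invoice, callback number, “Review & Sign” wording) can be checked automatically. This is an added example, not part of the original article; the domain allowlist, indicator names, and sample messages are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains treated as Amazon-owned; extend for your own mail flow.
AMAZON_DOMAINS = {"amazon.com"}
PHONE_RE = re.compile(r"\+?1?[\s.-]?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

def triage(raw: bytes) -> list[str]:
    """Return the article's warning signs that this message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    hits = []
    owned = any(domain == d or domain.endswith("." + d) for d in AMAZON_DOMAINS)
    if ("amazon" in text or "prime video" in text) and not owned:
        hits.append("brand-domain-mismatch")   # claims Amazon, sent from elsewhere
    if any(p.get_content_type() == "application/pdf" for p in msg.iter_attachments()):
        hits.append("pdf-attachment")          # the fake invoice
    if PHONE_RE.search(body) and re.search(r"\bcall\b", body, re.I):
        hits.append("callback-number")         # "renewal hotline" lure
    if re.search(r"review\s*(&|and)\s*sign", text):
        hits.append("review-and-sign")         # e-signature variant
    return hits

def build_sample(sender: str, body: str, with_pdf: bool) -> bytes:
    """Constructed test message; addresses and numbers are placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "user@example.org"
    m["Subject"] = "Your Prime Video renewal invoice"
    m.set_content(body)
    if with_pdf:
        m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                         subtype="pdf", filename="invoice.pdf")
    return m.as_bytes()

SCAM = build_sample('"Amazon Billing" <billing@invoices.example.net>',
                    "Renewal charged. If you did not approve, call (800) 555-0199 "
                    "within 24 hours. Review & Sign the agreement attached.", True)
BENIGN = build_sample('"Amazon" <no-reply@amazon.com>',
                      "See Your Orders on the website for details.", False)

if __name__ == "__main__":
    print(triage(SCAM), triage(BENIGN))
```

A match is a reason to quarantine the message for review, not proof of fraud; the From header can itself be forged, so a clean result does not make a message genuine.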
