I just received an e-mail saying:
Your Amazon Prime Membership is set to renew on March 04, 2024. However, we’ve noticed that the payment method associated with your Prime membership is no longer valid. To update the default payment method or choose a new one for your membership, please click on the button below and follow the on-screen instructions.
Sincerely, Amazon Prime Team
My skeptical brain kicked in immediately, making me wary of this message, partly because I’m aware of how many phishing scams are out there, and partly because I was fairly sure we’d renewed our Prime membership not too long ago.
The first clue that this was clearly bogus: the sender’s email came from the domain “descenthypnosis.com,” which is not a division of Amazon. Next, when I clicked on the “Update Information” button, I noticed the URL it sent me to first was a Google Doc, and then a second later redirected me to a domain that looked like a bad copy of Amazon’s accounts page.
Incidentally, I would not have clicked on the link in the email if I did not have multiple layers on protection from ransomware and malware on my computer.
I knew there was absolutely no way Amazon was using Google Docs to keep track of customer information of any kind, so I went to the actual Amazon site and verified that our Prime membership had indeed renewed months ago.
But these scammers are counting on recipients not noticing what I noticed and instead blindly providing their credit card details, which would then quickly be used by these unsavory scumbags to run up charges all the way to the maximum. They don’t need every person who receives the scam email — likely in the millions — to fall for it. Even a small percentage of suckers would still create a huge return for the thieves with what is essentially no effort. Similar phishing scams ask you to reset your password on their site, which they then convert to a new password only they can use and you lose access to your account entirely.
Don’t fall for any of it. Instead, forward the suspicious email to reportascam@amazon.com, then block the sender and delete the message. For more info, check this page on the real Amazon site.