


























Amazon April attack warning for 300 million users.
NurPhoto via Getty Images
With an estimated 310 million active customers, the term online retail giant certainly applies to Amazon. Another is “major cybercrime target,” and a new warning for anyone who ordered from Amazon in March is illustrative of many facing users. Here’s what you need to know and what Amazon recommends all customers should do.
The latest ongoing phishing attack uses emails, purporting to come from Amazon support, that suggest a purchase has a safety issue and a product recall is in place. The supplied link that offers options for a full refund or replacement is, of course, actually designed to steal your Amazon account login credentials.
Forbes1 Billion Microsoft Users Warned As Angry Hacker Drops 0-Day Exploit
Did you buy anything from Amazon during the month of March? If the answer is yes, then this warning is very much for you. Hackers love all big brands, as any Gmail or WhatsApp user should be well aware. Amazon, however, is also right up there as a primary target for those looking to fool you into handing over account credentials. Indeed, I reported about a very similar Amazon attack campaign as recently as February 18.
The latest Amazon account-hacking campaign takes the form of a bogus email purporting to come from Amazon support, warning the user that a product they purchased in March 2026 has been recalled on safety grounds. This is a common tactic used by attackers to impersonate the Amazon brand, and it’s important to be cautious because it can be quite dangerous.
“We are writing to inform you of a product recall affecting an item from your March 2026 order, due to a design defect which may present a potential safety risk,” the email states.
Shrewd readers will note that it does not specify the actual product itself, which is the first red flag. What the email does do, however, is use urgency (“discontinue use of the product immediately”) alongside financial temptation (“receive a complete refund”) to tempt the recipient into clicking the order review link. That’s the second red flag: the link is presented in a URL-shortening service format, rather than being to Amazon itself.
ForbesNew Password Stealer Bypasses 2FA—Chrome, Edge And Firefox TargetedBy Davey WinderThe campaign itself is likely not highly targeted but rather is just using a spray-and-pray tactic, hoping that the email drops into enough Amazon customers’ inboxes, which is a fair bet given the number of us who use it, and have purchased something in the previous month.
I have reached out to Amazon for a statement regarding this specific threat campaign, but to stay safe, I would suggest taking note of existing Amazon impersonation scam mitigation advice: Only use the Amazon mobile app or website for customer service, account changes, delivery tracking, and refunds.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。