Shortly after I signed off of work last night, I checked my smartphone for the first time in an hour or so and discovered I'd missed a call. The waiting voicemail claimed to be from Amazon customer service warning me my account had been compromised by the unauthorized purchase of a refurbished $650 iPhone 6. The purchase had been stopped, the caller said, but my Amazon account would be closed if I did not call them back at 1-866-850-3558.
Of course, my first reaction was anxiety that someone had gained access to my finances. My first urge was the return the call and fix the issue. But I stopped myself and considered the possibilities.
First, I checked my Amazon account to ensure I still had unimpeded access to it and check on the alleged unauthorized purchase. As I did that, in another tab in my browser, I was pulling up Amazon's customer service chat.
While my account looked fine online, I contacted Amazon just to be sure. Within five minutes of chatting with Jennifer R. at Amazon customer service, I'd learned that the call was indeed an attempt to get me to reveal personal information to cybercriminals.
Shortly after our chat, Jennifer R. sent me an email confirming the retailer's contact procedures:
Although some departments at Amazon.com make outbound calls to customers, we'll never call you asking that you disclose or verify your Amazon.com password, credit card, or banking account number. Such information should only be submitted when completing an order on Amazon.com, registering to sell on Amazon, contacting Amazon.com directly, or when making updates to Your Account or Seller Account areas.
If you receive a suspicious call, or encounter any other uses of the Amazon.com name that you think may be fraudulent, please don't hesitate to report it here:
(Even though the form is for email, it can also be used for calls.)
If you ever respond to a suspicious call, email, or visit a forged website and enter your Amazon.com login and password (or any other personal information), unauthorized individuals may have collected that information; we recommend that you update your Amazon.com password immediately. If you provided financial information, you may want to contact your bank or credit card provider.
To read more about ways to protect yourself from phishing, visit our Help pages:
While I'll never claim to be 100-percent secure or smarter than cybercriminals, I do like to think my experiences with Innovative Computing Systems arm me with the knowledge and skills to avoid most phishing attempts and other cyberattacks.
Key is keeping a healthy suspicion regarding irregular communications. If you aren't expecting it, double-check its source.
How are you celebrating this year's National Cybersecurity Awareness Month?