Online stores and services have made impressive bounds in recent years to compete with the Amazon Effect — offering same- and next-day shipping, instant streaming, and even grocery delivery. Just as we have embraced the opportunity to streamline our lives through the capabilities of technology, so have scammers and hackers to take advantage of our online presence.

In a recent phishing scam, cybercriminals are masquerading as customer service representatives for popular online stores or services such as Amazon, Netflix, Apple, and PayPal in emails or text messages to individual customers. The ploy is to persuade consumers into clicking on in-message links and divulging personal information in order to resolve a situation the scammer has described. A typical scam would go something like this:

Sally receives an email from Amazon, of which she has been a loyal customer for several years, saying there was a problem confirming the address associated with her account. It explains Sally will not be able to access her Amazon account again until clicking on the link provided and verifying all of her information.

What Sally does not know is that the email is fraudulent and the in-message link would take her to a third-party website carrying malware, her computer would be flooded with hackers, and her sensitive financial information would be in jeopardy.

Scammers take every precaution to make these messages seem as legitimate as possible to fool you into thinking they’re real, which may include the company’s logo, brand colors, and web address. Luckily, there are a few ways to spot a fake:

  • Generic greetings such as “Dear customer” or your email address instead of your name
  • The sender’s email address is very long and does not include the company’s domain
  • Asking for usernames, passwords, Social Security numbers, or billing information
  • Poor grammar, misspellings, and typos
  • Rushing to act quickly to avoid being locked out of your account

Reputable institutions will not ask you to confirm or update your personal information via email or text message. It is vital never to click on links, download files, or reply to suspicious, unsolicited messages with sensitive information — they are malicious and will likely corrupt your device. If you do receive an email you are unsure about, hover your cursor over the in-message link to reveal the real URL you will be directed to and contact the actual company directly via phone, live chat or email to follow up.

Then, forward phishing emails to the Federal Trade Commission at [email protected] and the Anti-Phishing Working Group at [email protected]. Report suspicious texts to Global System for Mobile Association’s Spam Reporting Service at 7726.

For more on phishing, check out “Phishing for trouble: How to identify and avoid getting hooked.” Then, visit our security page to keep an eye on the latest scams.