Amazon password attacks are currently a prominent concern, with hackers impersonating the retail giant through malicious messages to steal user passwords and gain unauthorized access to accounts. Amazon acknowledges this threat, stating, “Scammers that attempt to impersonate Amazon put consumers at risk.” However, accounts face an even greater risk from attackers who may have obtained passwords through data breaches, information-stealing malware campaigns, or simply because the passwords are weak and easily deciphered. Given the recent surge in these attacks, addressing these security vulnerabilities promptly is critical.
A recurring Amazon scam involves the promise of a refund for a recent purchase, delivered via a text message containing a link “to request your refund.” Clicking this link directs users to a deceptive sign-in page designed to steal their credentials. Both the Federal Trade Commission (FTC) and the Better Business Bureau have issued warnings regarding such scams. Amazon asserts its commitment to consumer protection and public education on scam avoidance, encouraging users to report suspected scams to allow for account protection and referral of malicious actors to law enforcement.
Amazon advises customers to enhance their account security by utilizing two-step verification and Passkeys. The company provides resources on the importance of Passkeys and how to enroll. Guardio has reported an evolution and resurgence of the refund scam, with a new version of the text phrasing first appearing on August 9, increasing by 590% on August 10, and continuing to surge, totaling almost a 1000% increase in just a few days.
Recent reports highlight the prevalence of common and easily guessable passwords. NordPass publishes a list of the “most common passwords,” which hackers are likely to possess. CyberNews analyzed passwords from a collation of “19 billion leaked passwords,” emphasizing the value of such aggregated breach data for attackers. Even more revealing is CyberGhost’s list of the “worst passwords in the last decade,” which illustrates patterns to avoid, including keyboard sequences, numerical series, animal names, sports, cars, and celebrity names. CyberGhost humorously questions, “Have you immortalized your beloved dog, Charlie, in all of your online passwords?” highlighting how personal dedications can compromise digital safety.
Adding a Passkey and enabling two-factor authentication (2FA) on Amazon accounts is therefore important. Although Amazon accounts are a high-value target, Amazon does not mandate 2FA for all accounts, leaving a substantial number vulnerable with only password protection. CyberGhost's data reveals that 81% of account breaches stem from weak passwords, 60% of individuals reuse the same passwords across multiple accounts, and 90% express concern about account compromises.








