The Better Business Bureau has been warning people for years to not fall for the Amazon text scam – also known as the “fitness watch text” or the “Apple Watch raffle scam” – that sees a congratulatory text message pop up on consumers’ phones, claiming they’ve won Airpods, an Apple Watch or “some other enticing prize from Amazon.”
The text message also includes instructions to click a suspicious link to arrange delivery of the item. The bogus raffle and the suspicious link are part of a phishing con, to trick people into sharing account credentials as well as personal and financial information, the BBB said.
However, the text message is not from Amazon, and is part of what the BBB said is a long list of scams impersonating the online retail giant since the start of the COVID-19 pandemic.
“I shouldn’t have clicked,” said a Burnaby woman who posted on Facebook as a way to warn others about the scam. “I was pumped to win something and I deal with Amazon a lot but don’t fall for this please.
The BBB has shared the following tips on how to deal with text message scams:
- Don’t believe every text you receive. As a general rule, companies cannot send you text messages unless you opt in to receive them. If you receive a text message from a company you have not given permission to contact you in this way, proceed with caution. In fact, any unsolicited text message should be considered a potential scam.
- Know the classic signs of a text scam. In most cases, the text message includes an unusual link and may promise a reward, threaten a punishment, or generally appear harmless because it seems to be coming from an individual or organization you recognize.
- Think before you click. Do not click on links in strange or suspicious text messages. This is likely an attempt to gain access to your personal information or install malware on your device.
- Confirm the information. If an offer seems strange, or too good to be true, contact the company directly by looking up their official contact information online. Call or email customer service to find out if the text message you received is legitimate.
- Ignore instructions to text “STOP” or “NO”. Even if you realize the message is a scam, do not text back for any reason. Scammers may want you to text back to verify that your phone number is an active one. Instead, simply block the number so you won’t receive messages from it in the future.
- Double down on security. In the event the text message was not sent to you randomly, update the login credentials for your Amazon account. If you clicked on the link, do a security sweep for viruses or any malicious software on your device.
- Report any encounters with a scam. Share your scam experiences to help warn and protect others at BBB Scam Tracker.
With the growth in online shopping — particularly during the COVID-19 pandemic — cybercrooks have learned more about how to target people for scams, say B.C.-based tech detectives Derek Manky and David Masson.
Manky is chief of security insights and global threat alliance for Fortinet, a California-based company with a research and development centre in Burnaby, while Ottawa-based Masson is director of enterprise security at Darktrace, a global, U.K.-based company specializing in cybersecurity using artificial intelligence.
Both agree the threats posed to Christmas shoppers have increased as data thieves find new ways to steal people’s data through luring them into bogus gift buying.
Manky says the easiest way to avoid being scammed is to stick with known companies. Even then, he says, online shoppers should check to see that website addresses are correct. Watch out for typos or name modifications.
For example, Masson says, if you want to use Amazon, make sure the web address isn’t ‘amazoom,’ or ‘amazona’ or some other variation.
Further, he adds, “If you're looking for something, my advice would be go and look for it yourself. Don’t wait for someone to look for it for you.”
Such a ‘someone’ could be a crook looking to scam shoppers through what is known as social engineering, the use of lures that attract people via texts, email or social media.
“When you get this kind of thing people tend to — guess what — click on them,” Masson says. “That’s a bad idea.”
Instead of clicking, do a Google search, he suggests. Get the correct website on your own initiative. Some of those clickable items might also contain ‘weaponized’ documents, Manky continues.
And, both stress heavily, do not use credit cards in unsecured Wi-Fi environments. If you can use a VPN or virtual private network, great. If you can’t, “wait until you get home.”
- With reporting files from Jeremy Hainsworth