You might receive emails from Amazon, such as Sold, Ship Now emails or Technical
Notification emails. However, sometimes you might receive emails that are not really
from Amazon, even if at first glance they may appear to be. Instead, such emails are
falsified and attempt to convince you to reveal sensitive account information.
These false emails, also called "spoofed" emails or "phishing," look similar to
legitimate emails from Amazon. Often these emails direct you to a false website that
looks similar to an Amazon website, where you might be asked to give account
information, such as your email address and password combination.
Unfortunately, these false websites can steal your sensitive information, which can then
be used without your knowledge to commit fraud.
To protect yourself from responding to these emails, you can follow some simple
Know what Amazon won't ask in
email: Amazon will not ask you for the following information in an email
Your bank account information,
credit card number, PIN number, or credit card security code (including
"updates" to any of the above)
Your mother's maiden name or other
information to identify you, such as your birth city or your favorite pet's
Your Amazon or Seller Central
Review the email for grammatical or
typographical errors: Watch for poor grammar or typographical errors. Many
phishing emails are translated from other languages or are sent without being
Check the return address:
Genuine emails from Amazon always will come from an address ending in "@amazon.com."
Check the email's header information. If the "received from," "reply to," or "return
path" for the email does not come from "@amazon.com," it is not from Amazon. Most
email programs let you examine the source of the email. The method you use to check
the header information varies depending upon the email program you use. The following
are some examples of fraudulent return addresses:
Check the website address: Some
phishers set up spoofed websites that contain the word "amazon" somewhere in the
URL. Genuine Amazon websites always end with ".amazon.com" or
"sellercentral.amazon.com." We will never use a combination such as
"security-amazon.com" or "amazon.com.biz."
When in doubt, go directly to
Amazon or the Seller Central website: Some phishing emails include a link that
looks as though it will take you to your Amazon account, but it is really a shortened
link to a completely different website. If you hover over the link with your mouse
when viewing the message in your email client, you often can see the underlying false
website address, either as a pop-up or as information in the browser status bar.
Note: The hover technique can
be fooled. If you do click on a link, always look at the URL in your browser when the
The best way to ensure
that you do not respond to a phishing email is to always go directly to your seller
account to review or make any changes to the account. When in doubt, do not click on a
link in an email.
Do not unsubscribe: Never
follow instructions contained in a forged email that claim to provide a method for
unsubscribing. Many spammers use these unsubscribe processes to create a list of
valid, working email addresses.
Use the features in Seller Central
to track your orders: The Sold, Ship Now email notification is a useful tool.
However, you can find the most accurate and up-to-date information for your orders
using the Manage Orders feature in your seller account.
If an offer sounds too good to be
true, it probably is: Sometimes phisher emails will offer you deals, such as a
discount or a free item, in return for completing a simple task, (for example,
signing in to your seller account). We recommend that you never sign in to your
seller account by clicking on a link embedded in email.
Help stop phishers and spoofers
You can make a difference. Amazon has filed several
lawsuits against phishers and spoofers. These lawsuits began with sellers alerting
Amazon to suspicious emails. As part of our ongoing commitment to stop spoofing, you can
help us investigate spoofed emails. Send us the original spoofed email, with the
complete header information, using our report phishing form.
To locate the header information, configure your email program to
show All Headers.
(This varies, depending on the email program you use.) The headers we need are well
labeled and will look similar to this example:
X-Date: Tue, 08 Apr 2003 21:02:08 +0000
Amazon is not able to respond to all
emails reporting spoofed emails or phishing, although we do read them and take action as
appropriate. If you have specific questions about your account, search Seller Central
Help or contact us