If you’ve received an “Amazon.com, action needed: Sign-in attempt” email, avoid clicking on any links and ignore the message.
This suspicious email alerting users of a sign-in attempt on their Amazon account is a phishing scam trying to fool recipients into providing their login credentials. The worst part? Falling for this malicious scam puts your personal information and banking details at risk.
Find out more about the “Amazon.com, action needed: Sign-in attempt” email scam and what to do if you’ve received one in your inbox.
What is the ‘Amazon.com, action needed: Sign-in attempt’ email scam?
The “Amazon.com, action needed: Sign-in attempt” email is a phishing scam aiming to take advantage of customers due to the popularity of the online marketplace. It involves scammers sending an official-looking email with the subject line “Amazon.com, action needed: Sign-in attempt.”
It states, “Someone who knows your password is attempting to sign in to your account.” It also displays information related to the alleged user trying to get unauthorised access to the account, which commonly differs from the location and device of the recipient.
A link in the email asks users to “approve or deny” the attempt, luring victims to click on the link. However, the link leads to a fake website that appears like a legitimate login page, prompting users to input their username and password.
If a recipient enters their login credentials on this web page, the threat actors will then get access to their account. This allows them to steal personal information and banking details stored in the account, sell stolen information on dark web markets and make online purchases using the victim’s banking card.
Below is an example of the “Amazon.com, action needed: Sign-in attempt” scam email.
Signs of ‘Amazon.com, action needed: Sign-in attempt’ email scam
While the email looks official, including the Amazon logo on the banner, other ways exist to tell this message is a phishing scam.
It’s important to note that Amazon will never ask for login credentials over email, which makes this message immediately suspicious. You may also notice that the fake website’s URL address differs from the official website. If the URL doesn’t appear to be “Amazon.com” or “Amazon.co.uk” or country-specific, don’t trust it.
You should also check the sender’s email address. Cybercriminals may use names that look like they come from Amazon, but they are often misspelt or include periods (“.”) in random points of the address. If it’s from Amazon, it should simply be “firstname.lastname@example.org.”
Another indicator is the format of the email. In this scam, the fraudulent message commonly uses variations of a hyperlinked “approve or deny.” Again, it’s a good idea to avoid clicking this link.
What should I do?
The best course of action is to ignore the message and delete the email.
Threat actors will do anything to convince you to click a dodgy link in messages, so don’t give them a chance to steal your private information.
It can be worrying to be alerted about someone trying to gain unauthorised access to your account. However, to double-check any suspicious activity, you can log in to your account directly on Amazon’s official website or app.
If you think your account has been compromised, you can head to Account > Login & security > Compromised account?
This allows you to change your password, set up two-factor authentication (2FA) and sign out of any current sessions the attacker may use.
It’s good practice to block the sender of the “Amazon.com, action needed: Sign-in attempt” email scam, too. Check out the guides below to stop getting malicious emails from scammers.
- How to block spam email in Gmail
- How to block spam email in Outlook
- How to block spam email in Yahoo Mail
How to avoid Amazon email scams
If you received a suspicious email from Amazon, you aren’t alone. Scammers often send millions of phishing emails or texts, thousands at a time, to trick recipients, with malicious messages being sent to email addresses and numbers found through social profiles or via data breaches. These scams are widespread, meaning attackers cast a wide net to see how much they can reel in – and the “Amazon.com, action needed: Sign-in attempt” email scam is no different.
To stop receiving scam texts from random numbers, including ones from Amazon scammers, we have just the guides below. Otherwise, find out how to avoid them once and for all.
Use antivirus software to scan and block scams
One of the best antivirus software will stop scams in its tracks, whether they are via text or email. Many high-standard AV protection offers near-perfect scores when detecting and protecting against malware, meaning even complex malicious software can’t go unnoticed in messages or emails.
Messages from threat actors can contain harmful links or attachments filled with malware, which you never want on your device. The good news is you can let one of the best antivirus software services do all the legwork for you, as they have security and privacy features to protect your accounts.
Services such as Avast One, Bitdefender, Norton 360 and more have protection tools that block malicious email addresses, links and attachments. To make sure scams block malware damaging your device and to keep safe from threat actors hacking your phone through texting and more, set yourself up with an antivirus.
- Norton 360 review: Optimal security
- Avast One review: Strong antivirus for free!
- Bitdefender review: All-in-one premium security
Avoid dodgy links
Amazon states that it will never ask customers to provide sensitive information over the phone or on any website that isn’t Amazon.com, for example. This means it’s better to search and go to the website and not trust any other dodgy URLs.
Make sure to hover over any link you receive to make sure it leads to an official website. Otherwise, you can use the official Amazon app on the App Store or Google Play Store.
Nothing is urgent
Scammers will intimidate users by issuing a sense of urgency and authority in their messages or phone calls. No matter how official it sounds, always double-check any alarming message you have never received before or information that doesn’t add up. Amazon will never ask for your credentials or information to be provided immediately via phone, text or email.
Stay away from any messages persuading you to “act now.”
Use two-factor authentication
If scammers somehow get access to your account, they won’t be able to go far if you have two-factor authentication (2FA) set up. When a login attempt is made, you will receive a text or email to confirm access to the account – something the scammer won’t have.
It will also notify you about unauthorised attempts on your Amazon account, allowing you to to change your password so threat actors no longer know your credentials.