How to Avoid Amazon OTP Scams
Have you ever been a victim of an online scam? In this current day and age where almost everything is at your fingertips in the digital world, scammers and con-men have worked to bamboozle unexpecting individuals, especially when it comes to the Amazon OTP scam. In this article, we’ll review what Amazon OTP is, how to identify phishing text messages, what they are, and tips on how to avoid general free messaging scams.
What is Amazon OTP?
OTP stands for one-time password and is used to authenticate or verify different accounts within a digital space. Have you ever signed up for an Amazon account or PayPal account only to find that you need to verify your identity through your phone number? It’s a six-digit code that is sent to your registered email address – for Amazon, it’d be the email address you signed up with when you made your Amazon account. Amazon specifically uses their one-time password process for package delivery, specifically for high-profile packages, expensive items, or for those who often have packages stolen from their front porch. Either way, Amazon’s OTP is a great way to track your package or to have more peace of mind when ordering premium items from Amazon. You can also ask another individual to receive your package on your behalf. As long as they have the verification code (password) they’re able to take the package for you. This is a great option for those who are traveling a fair amount or have time-sensitive packages they potentially need to “sign” for but are unable to make it in person.
Here are a few more notes about OTP and its advantages:
- Having a one-time password can act as another security layer, making it more difficult for scammers to say packages or items have not arrived.
- Your code is valid until the end of Amazon’s delivery day or from 8 am to 8 pm. With same-day delivery or Prime, your order can arrive as late as 10 pm but no later than 10 pm on any delivery day.
- You read or show your OTP code to the Amazon Delivery Driver who then gives your package to you.
- You can also ask another individual to receive your package on your behalf. As long as they have the verification code (password) they’re able to take the package for you.
- If you do not give anyone the code and are not present when your package arrives, Amazon will shoot you a text or email and try to re-deliver the package the next day.
See Amazon’s General Shipping Information for more info on how the process works.
The OTP Scam
Have you ever gotten a text from a random number saying they’ve met you before, to click on their profile or that your bank account is closing? Con-artists are just as the name implies – artists who cause intentional turmoil that will lead to some emotional reaction within their intended victim. Let’s look at a few examples below:
The Acquaintance Scam
Here we see an individual trying to pose as someone they know to encourage the victim to click on the link below. After clicking the link your personal information would be at high-risk, especially if you used your personal phone number to sign up for your Amazon account.
The “Your Bank Account is Closing” Scam
In this type of scenario, we see the scammer try to elicit fake stressors so the victim panics and clicks on the link. This would also lead to their personal information getting leaked on the internet where the con artist could then potentially do more damage and possibly access your banking information so they can wire money back to themselves.
What About the Amazon OTP Scam?
If you’ve ever used Amazon or most delivery alternatives you know that they send text messages to keep customers updated on package whereabouts, tracking information, and other changes to both Amazon or that individual’s account. In general, this is a great way for customers to stay connected and updated with where their packages, groceries, and other items are. This can make it much easier to map out your day! The problem arises when customers receive a one-time password code without ever ordering a package. Scammers prey on the fact that customers think the text is from Amazon by formatting their text in a similar fashion, using the same type of wording, or may even go as far as to have a fake photo attached to their contact information.
Other Ways Customers Have Been Scammed
Here are some other ways customers have reported being scammed:
- Getting a text message directly from Amazon without ordering a package
- Getting a false text from a third-party entity posing as Amazon
- Customers getting a text to “Authorize two-step verification” through a link instead of through your Amazon account
- Not logging into your Amazon account but getting an OTP code anyway
To Avoid Getting Scammed:
- Change your password every 3-6 months
- Create a password that has both uppercase and lowercase letters
- Create a different password for each website, don’t just use the same password for everything
- Generate a password that’s 12-16 characters long. As a general rule of thumb, the longer the password the more difficult it is for malicious individuals to get their hands on it.
- Don’t ever follow any links from text messages, especially if you feel it might not be a trusted source.
Here’s what the OTP code may look like on your phone:
This is a legitimate text message but if you have not tried to log into your Amazon account, someone might be trying to login on their end. If this happens, contact Amazon immediately, change your password and think about potentially finding new ways to work around the Amazon OTP process, like renting a U.S. based phone number solely for authentication purposes.
Please note, you cannot get scammed simply by opening a spam text but once you reply, click on links provided by the spam texter or share any personal data – your personal information may be at risk.
Avoiding General Phishing Text Message Scams
Now that you’re equipped with more information on how to protect yourself online, let’s dive into how to avoid potential phishing and free messaging scams.
What is a Phishing Message
Unlike what your Grandpa or Father did back in the day this isn’t with a pole and a line. Phishing (pronounced “fishing”) refers to digital attacks that aim to swindle individuals out of their identity, and financial means or to reveal personal information that the trickster may try to use against you. Posing as friends, family members, or someone that you’ve just met (as we stated above) these malicious individuals try to lull victims into a false sense of security or try to elicit unnecessary stress or anxiety to cause victims to make the mistake of clicking on their link.
Here are some ways you can spot potential phishing scams:
An All-Encompassing Greeting
If the individual has a greeting that seems pretty generic, it probably is. Since scammers work on quantity and not quality it’s quite likely that their greeting is all-encompassing and does not have your name or your account name.
Domain Names or Email Address That Don’t Make Sense
Much like the generic greeting tricksters will use fake email addresses that often have numbers or letters without any rhyme or reason. This is because they’re constantly generating new email addresses to avoid getting caught.
Suspicious or Malicious Links
Trust your gut on this one. If the message says it’s from Amazon, Google or Apple but has spelling errors, a link with weird jargon, or random numbers or letters it’s probably not from who they’re posing to be.
For more information on how to avoid potential scams, see Microsoft’s article on how to protect yourself against potential phishing threats.
If you’re concerned about your personal information being out in the general public or if you want more digital security or peace of mind, consider renting a phone number for verification purposes through Tardigrada.io. We use state-of-the-art technology to ensure that your information stays safe by using a third-party phone number that you can rent out so scammers never have access to your real phone number, in the first place. Join the thousands of individuals already using Tardigrada.io, today!