The cellular network has been flooded with text messages pretending to be Amazon. The SMS (Short Message messages may say something like “Your Amazon account has been hacked” or “Confirm your Amazon order.” These are called “phishing” or “smishing” scams in which the sender is trying to gather information about your account. DON’T FALL FOR IT!
Just because a message uses the name Amazon, AT&T, Verizon, DirecTV, GoDaddy, or other famous company doesn’t mean it’s actually the company messaging you. Would you open the door for anybody just because they know your address? Heck No! One of the oldest scams in history is someone pretending to be someone they are not.
How Do You Know If A Text Message Is Real?
The first rule is “Don’t click on it” (unless you are purposely investigating the sources and intent of a malicious SMS text). Then, if you want to identify whether or not a text message is real before clicking on it look at the URL (Universal Resource Locator). A URL is a unique address on the internet. You go to URLs all the time when shopping on Amazon, watching Netflix, and looking up local events. The problem is, anyone can buy a URL and alter it to look fake.
Look For These Indicators
Look for indications a message may be fake. In this message supposedly from Amazon there are three easy giveaways to spot.
The URL is not from Amazon.com. Look at the URL link in blue. If it was from Amazon it would say amazon.com. But be careful, a subdomain can be created that looks like amazon.com. For example, this scammer could have had the URL set up as amazon.onlinehome.us. When the message is received it may look like it is from amazon. But “amazon” is just a subdomain of “onlinehome.us.” Anybody could set up this and scam you!
The HTTP part of the URL does not have an “S” indicating a security certificate. A “secure” website can be identified as HTTPS not HTTP. Would Amazon have an insecure website? No way! However, keep in mind anyone can purchase a domain name and make it secure.
There is a misspelling. If you look closely the word “below” is spelled as “bellow” which is wrong. That is a clear indicator the message did not come from a company that would have fully vetted the outgoing messages. Of course, companies make mistakes at times with misspellings but not often.
What Do You Do With The Text Message?
Once you’ve determined the message is fake, it’s best to report the sender and message as “Junk.” Apple and Android devices have this option and it really helps the service providers know what numbers are being used for scams. Then, it is best to delete the message (unless you are starting a collection of smishes :).
This same type of scam has been used for decades through email phishing campaigns. The recipient gets a message that is supposedly from somebody they know. Then, clicks on the link provided in the email. The next thing you know the link is sending you to a malicious website or installing malware on your computer. Look at the URL first!
Social Media Scams
In the last decade, we’ve seen social media websites and apps also attempt to gather information or install malware via links provided in pop-ups, ads, and within the content of social media posts. The trick is to look at where the URL is pointed to. Then, determine if it is safe to click on the link or not.