Consumers receive an email from Amazon thanking them for their recent purchase. They’re asked to submit a product review in return for a $50.00 Amazon credit. When the user clicks the link, they are brought to a site that looks like Amazon but is really a fake Amazon site created by the cybercriminal. Users are then asked to log in to their account. If they enter their email and password, their information is sent directly to the criminals who then have access to the user’s Amazon account. Malicious software can also be installed on the user’s computers or mobile device once they’ve visited the fake site.
Avoid clicking links within emails. If possible, open a browser and go directly to the site you’re looking to visit. If you have to click a link, be sure to check the website address before clicking. Watch for slight variations of site names.