Skip to Content
Close Icon

Fraud Alerts

There’s something ‘phishy’ with that Amazon email

Sophisticated phishing emails aim to trick consumers into giving away their money 

Sept. 8, 2021

You didn’t buy a $750 television from Amazon. Then why are you getting an email from the online retailer notifying you of the impending delivery of a big screen, but only if you pay a few hundred dollars first?

You aren’t going to receive a television and you’re not getting a legitimate email. Instead, a scammer is trying to pry your money and personal information from you. 

This type of well-designed phishing scam has become more common in recent years, with ne’er-do-wells spoofing retailers, online payment providers, and other companies in fraudulent emails -- as well as phone calls, texts, and social media posts.

Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies. 

The Federal Trade Commission notes that often these phishing emails tell a story to trick you into clicking on a link or opening an attachment. They may:

    •    say they’ve noticed some suspicious activity or log-in attempts 
    •    claim there’s a problem with your account or your payment information 
    •    say you must confirm some personal information 
    •    include a fake invoice 
    •    want you to click on a link to make a payment 
    •    say you’re eligible to register for a government refund 
    •    offer a coupon for free stuff 

That was certainly the case in two recent examples reported to the AG’s office. In these cases the consumers reported receiving professional-looking emails claiming they had made large purchases. 

The first email informed the consumer that the recent purchase of a $1,250 computer from Amazon was placed successfully. The email contained information on the purchase, such as the consumer’s name and email address. However, the shipping address is for someone else. 

The email encourages the recipient to call a number with queries about the purchase. When the consumer made the call, the help center operator instructed the consumer to purchase a gift card and provide the card’s number over the phone. 


 
 
The second email claims to be from PayPal informing the recipient that a recent $780 smartphone purchase had been authorized from their account. 

Though the email does not appear to have the PayPal logo, it includes the consumer’s information and the notification of an expensive purchase.  The consumer tells the Iowa Attorney General’s office they did not have a PayPal account, but placed a call to the number listed. The operator informed the caller they would need to send money before a refund could be established.  

 
 
In both instances, the consumers noticed something "phishy" going on and identified several hallmark of scams in the emails and interactions over the phone.


If you receive what appears to be a phishing email, remember: 

Be cautious about opening attachments or clicking on links in emails. Even your friends' or family members’ accounts could be hacked. Files and links can contain malware that can weaken your computer’s security.  

The Federal Trade Commission suggests that if you receive an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me? 

If the answer is “No,” it could be a phishing scam. 

If the answer is “Yes,” contact the company using a phone number or website you know is real. Note the information in the email. You should always avoid calling the numbers listed on the questionable email. The FTC cautions that if you do call the number, you’ll likely be connected to a scammer. If you want to call the company that supposedly sent the message, look up their phone number online.

To avoid receiving phishing emails in the future, the AG’s office suggests consumers use filters to reduce spam correspondence. 

If you do get a fake email like this, report it to the FTC at ReportFraud.ftc.gov.

 

Updated: September 19, 2017

Ring, ring. "This is Equifax calling to verify your account information." Stop. Don’t tell them anything. They’re not from Equifax. This is a scam. Equifax will not call you out of the blue.

This is just one scam you might see after Equifax’s recent data breach. Other calls might try to trick you into giving your personal information. Here are some tips for recognizing and preventing phone scams and imposter scams:

  • Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know is correct.
  • Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a particular company, even when they’re not.
  • If you get a robocall, hang up. Don't press 1 to speak to a live operator or any other key to take your number off the list. If you respond by pressing any number, it will probably just lead to more robocalls.

September 12, 2017

RE: Equifax Cybersecurity Breach

As you may have seen or heard on the news, Equifax has announced a cybersecurity incident through a flawed website application that potentially impacts 143 million U.S. consumers. This flaw allowed criminals to gain access to certain files containing consumers’ personal data. Equifax is a global credit-monitoring company and one of three in the United States that organizes, assimilates and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide.

According to the company, their investigation has found the unauthorized access occurred from mid-May through July 2017 and while the company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases, they have established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection.

The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers - all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.

As a reminder, you can help guard your information by:

  • Monitoring your bank and credit card statements. Check your accounts regularly so you know when something’s awry.
  • Verifying your mailing address with the post office and financial institutions.
  • Monitoring your credit report. By law, you’re entitled to a free report every year from each of the three bureaus (Equifax, Experian, and TransUnion). Request one every four months, changing bureaus each time. You can order the report directly through each agency, or at annualcreditreport.com. 
  • Shredding sensitive documents. Regularly shred outdated bank statements, credit card applications, bills, and anything with your personal information before tossing it into the trash or recycling. Junk mail often includes some of your personal details.

Select Online Account