Reply With QuoteIf you use the same password on other websites make sure they are changed as well.
Morning all,
Just thought I'd share this and see what the collective's thoughts are....
I have a Amazon Prime account, registered in my name and my wife and both daughters (both at Uni) have access. All 4 of us have our payment details stored, so we just select whichever is appropriate at the time. I get the email notifications for all the purchases. As you might imagine, the account is in constant use, with someone buying something almost daily.
This morning my daughter rang me to say that she had received an email saying that the account was being locked due to billing info blah blah blah....she has coincidentally just purchased a new adapter plug, so clicked on the link without too much thought. Thankfully, she almost immediately realised that it was a phishing email and called me very apologetically, saying she had made a mistake.
I checked the email and it is very definitely a spam/phishing attempt. I assume they have captured my account login details but wouldn't have had time to do anything.I suppose it was only a matter of time before one of us succumbed to one of these scams but at least we seems to have caught it before any real damage could be done.
I changed the account password immediately and have since also enabled 2 step verification (which I hadn't before).
I suppose my question is - in this situation what would be the best practice? Is there anything else I should do?
Just to pre-empt separate accounts argument; all 4 of us being on the same account does have its conveniences. If wife/2 daughters had their own accounts, I can see me being lumbered with looking after 4 accounts, rather than 1. Also we share the Prime Video etc.
Thanks.
If you use the same password on other websites make sure they are changed as well.
I got the same email but after seeing simular ones for years on end you get a feel for the bull they put in them.
Usually try to say an account has an issue or you need to take immediate action to avoid something, trying to arouse concern etc....
Thanks, I'm quite used to sussing out the dodgy emails (I work in IT too) and have educated wife and daughters too. In this case it was just a moment of inattention which coincided with a purchase just beforehand.
If you didn't log-in from that email don't see why they would have your password but no harm to change anyway.
Realise you prefer one account but students do get a Prime discount (believe 50%) which they could share between (trustworthy, obviously) friends and I'd let them deal with it.
Struggling to see how by just clicking on a link in an email they get your login details? Don't you have to then enter your details on a fake amazon page for them to get the details?
Sorry, should've clarified that my daughter did click through using the link and logged into our Amazon account.
I'd pay for the Prime subscription anyway, so both daughters effectively get "free" Prime delivery etc. but appreciate that they can get 50% discount if we go down the separate ac route.
Thanks.
https://smile.amazon.co.uk/gp/help/c...deId=201909030
- If you've entered your password on what you think might be a malicious website, go to Password Assistance and change it immediately.
- If you've entered your payment information on what you think might be a malicious website or replied to an email with that information, immediately contact your credit card company. Note: Remember to update this payment method on your Amazon account afterwards.
Thanks, so we've done that - changed the password (literally) within a few minutes and also enabled 2-step verification, which will hopefully tie down the account usage to a few "trusted" devices.
Just had an email 5 mins ago too. Mine was slightly different saying that there have been various failed login attempts.
Looks like you have taken all steps required in your situation. Have you cancelled all credit cards on file? Maybe that is a danger?
That is a concern and I'm keeping an eye on transactions - however my thinking is that the phishing scam only allows them to gain your Amazon account login details. They would then need to use those credentials to login to the (real) Amazon account and harvest any data, such as payment cards etc.Originally Posted by Boss13
Now I'm not sure how complex these phishing systems are, whilst I'm sure they are all automated, would it be sophisticated enough to capture the login credentials on the spoof site and then immediately use them on the genuine Amazon site to login and harvest your details? Perhaps, perhaps not?
I suppose, I'm trying to put off the ball-ache of cancelling all the credit/debit cards attached to the account and the hassle that goes with it.
Sometimes it’s unfortunate timing, mate of mine renewed his mums tv license and next day by chance was sent a dodgy email pretending to be the tv license people chasing an account issue...he very nearly fell for it.
Sent from my iPhone using Tapatalk
You should create a Prime Family. You can each have your own login and independent payment details stored. That’s what my wife and I do.
Generally manual back-end - they just dump the information you provide to a text file.
It's why it's worth having two factor turned on as a matter of course.
Don't think this works now (for new shared accounts anyway)
https://www.theguardian.com/money/20...ayment-details.
https://www.amazon.co.uk/gp/help/cus...deId=201910370
Sharing benefits with Amazon Household requires both adults to link their accounts in an Amazon Household and agree to share payment methods
Yes, the Amazon Household only works for 2 adults and doesn't allow the "children" to shop. My wife and I already have this too.
Best to contact the the credit card company too
Have received similar in the past and received another 5 minutes ago!
I’m a very suspicious type so always assume something phishy is going on.
Definitely worth spreading the word and stopping these leeches ripping off more people.
I would delete the payment card(s) and possibly change the login email.
On Amazon browser, if you visit your account > content and devices towards bottom of page > devices, you can deregister any unknown/unused devices.
Posting Permissions