Amazon is currently facing a surge in password attacks, with hackers using malicious messages to impersonate the company and steal user passwords, putting consumer accounts at significant risk of unauthorized access.
According to Amazon, scammers impersonating the retail giant pose a considerable threat to consumers. However, the risk is even greater for accounts compromised through data breaches, information-stealing malware, or weak passwords. The company is urging users to take immediate action to secure their accounts.
A common scam involves sending text messages with links promising refunds for recent purchases. These links direct users to fake sign-in pages designed to steal their login credentials. Both the Federal Trade Commission (FTC) and the Better Business Bureau have warned consumers about such scams. Amazon is committed to protecting its customers and educating them on how to avoid falling victim to these scams. The company encourages users to report suspected scams, which helps protect their accounts and allows Amazon to refer malicious actors to law enforcement.
To enhance account security, Amazon recommends that customers use two-step verification and Passkeys. The company provides resources to help users understand the importance of Passkeys and how to enroll. According to Guardio, a new version of the refund scam text message emerged on August 9, surged by 590% on August 10, and continued to rise, resulting in a nearly 1000% increase over a few days.
Recent reports highlight the prevalence of weak and easily guessable passwords. NordPass releases an annual list of the most common passwords, which are likely to be exploited by hackers. CyberNews analyzed a vast collection of 19 billion leaked passwords, demonstrating the value of aggregated breach data for attackers. CyberGhost has also compiled a list of the worst passwords used over the last decade, revealing patterns to avoid, such as keyboard sequences, numerical series, and names of animals, sports teams, cars, and celebrities. The list humorously notes the tendency for people to use personal dedications, like their pet’s name, in their passwords, compromising their digital safety.
The importance of adding a Passkey and enabling two-factor authentication (2FA) on Amazon accounts cannot be overstated. Despite being a high-value target, Amazon does not require 2FA for all accounts, leaving many vulnerable with only password protection. According to CyberGhost, 81% of account breaches result from weak passwords, 60% of individuals reuse passwords across multiple accounts, and 90% are concerned about account compromises.
