Scammers are sending fraudulent text messages to U.S. customers claiming recent Amazon purchases are being recalled to steal personal information [1].
This campaign targets the trust users place in safety notifications to harvest sensitive data. Because product recalls are common, shoppers may be more likely to click malicious links without verifying the source first [2].
Amazon has acknowledged the fraud. An Amazon spokesperson said the company has seen "bad actors impersonating Amazon by sending messages claiming your recent purchase needs an immediate return" [1]. The messages typically claim to be from the company's Product Safety Team [1].
These phishing links lead users to fake websites designed to capture login credentials and payment details [3]. Reports indicate that millions of people are receiving these fraudulent messages [4].
Security experts warn that these texts are designed to create a sense of urgency. Consumer Reports said that if a person receives a text claiming a recall, they should verify it on Amazon's official website before clicking any links [2].
Retail-based SMS scams often follow similar patterns by mimicking corporate alerts to bypass traditional email spam filters. The current wave of recall messages leverages the legitimate process of safety notifications to deceive users [2].
To avoid these traps, users are encouraged to navigate directly to the Amazon app or website rather than following links sent via SMS. Amazon said official communications regarding safety and recalls can be verified through the customer's account dashboard [1].
“Millions of people are receiving fake Amazon recall messages.”
This scam highlights a shift toward 'smishing'—SMS phishing—where attackers exploit the high open rates of text messages compared to email. By impersonating a safety team, scammers use a psychological trigger of urgency and concern for physical safety to bypass a user's typical skepticism, making the attack more effective than standard promotional scams.
