Shopper help > Privacy and security

Internet scams and phishing

We know that you try to protect yourself from fraud on the internet. The information that follows is designed to help you identify and avoid internet scams and phishing attempts.

Be wary of internet scams

  • DO NOT send money—by cash, wire transfer, Western Union, PayPal, MoneyGram or other means, including by Amazon Pay—to a seller who claims that Amazon or Amazon Pay will guarantee the transaction, refund your funds if you are not satisfied with the purchase, or hold your funds in escrow.
  • DO NOT make a payment to claim lottery or prize winnings, or on a promise of receiving a large amount of money.
  • DO NOT make a payment because you are “guaranteed” a credit card or loan.
  • DO NOT respond to an Internet or phone offer that you are not sure is honest.
  • DO NOT make a payment to someone you do not know or whose identity you cannot verify.

When in doubt, ask the intended recipient for more information about the purpose and safety of the requested payment. Do not send the payment until you are comfortable with the transaction.

Identify phishing or spoofed emails

From time to time you may receive emails that look like they come from Amazon Pay, but they are falsified. These emails may direct you to a website that looks similar to the Amazon Pay website. You might even be asked to provide account information such as your email address and password combination.

These false websites can steal your sensitive login or payment information, which is then used to commit fraud. Some phishing messages contain potential viruses or malware that can detect passwords or sensitive data. We recommend that you install an anti-virus program and keep it updated at all times.

Here are some key points related to fraudulent emails:

1. Know the information that Amazon Pay will not ask you to provide in an email

Amazon Pay might sometimes need to ask you for important information, but you will always be directed to provide this information through the Amazon Pay website.

You should not provide personal information like the following in an email:

  • Your full or partial national ID or passport number
  • Your date of birth
  • Your credit card number, PIN, or credit card security code (including “updates” to any of the above)

2. Be wary of attachments in suspicious emails

We recommend that you do not open any email attachments from suspicious or unknown sources. Email attachments can contain viruses that can infect your computer when the attachment is opened or accessed. If you receive a suspicious email purportedly sent from Amazon Pay that contains an attachment, we recommend that you delete the email—do not open the attachment.

3. Look for grammatical or typographical errors

Be on the lookout for poor grammar or typographical errors. Some phishing emails are translated from other languages or are sent without being proofread and, as a result, contain bad grammar or typographical errors.

4. Check the return address

Is the email from Amazon Pay? While phishers can send forged email to make it look like it came from Amazon Pay, you can sometimes determine whether or not it is authentic by checking the return address. If the “from” line of the email looks like “” or “” or contains the name of another Internet service provider, you can be sure it is a fraudulent email.

5. Check the website address

Genuine Amazon Pay websites are always hosted on one of the following domains:


Sometimes the link included in spoofed emails looks like a genuine Amazon Pay address. You can check where it actually points to by hovering your mouse over the link; the actual website to which it points will be shown in the status bar at the bottom of your browser window or as a pop-up.

We never use a web address hosted on a domain other than the ones listed above. For example, variant domains such as “ . .” or an IP address (string of numbers) followed by directories such as “http://123.456.789.123/ . .” are not valid Amazon Pay websites.

Alternately, sometimes the spoofed email is set up such that if you click anywhere on the text you are taken to the fraudulent website. will never send an email that does this. If you accidentally click on such an email and go to a spoofed website, do not enter any information; instead, just close that browser window.

6. If an email looks suspicious, go directly to the Amazon Pay website

When in doubt, do not click the link included in an email. Go directly to and sign in to review recent transactions, your merchant agreements, and your account information. If you cannot access your account, or if you see anything suspicious, let us know right away. You can contact us from the Amazon Pay website.

7. Protect your account information

If you did click through from a spoofed or suspicious email and you entered your Amazon account information, you should immediately update your password. Here's how:

  1. Go directly to, and then click Your Account.
  2. On the next page, click the Login & security link.
  3. On the Login & security page, click the Password Edit button, update your password, and then click Save changes.
  4. If you submitted your credit card number to the site linked to from the forged email message, we advise that you take steps to protect your information. You might want to contact your credit card company, for example, to notify them of this matter. Delete that credit card from your Amazon account to prevent anyone from improperly regaining access to your account.

Report phishing emails

If you have received an email that you know is a forgery or if you think you have been a victim of a phishing attack and you are concerned about your Amazon account, please let us know right away by reporting a phishing or spoofed email.