Beware of this iPhone Amazon scam.
NurPhoto (from Getty Images)
Amazon recently made headlines after an “irrecoverable” ransomware attack targeted Awaken Web Services users. Security now extends to the iPhone 16 following an investigation that successfully hacked the popular phone’s new USB-C port. Now, the iPhone 16 is back in the spotlight. A suspected smartphone-focused hacking attack is now reportedly hitting customers of Amazon’s consumer services. Here’s what you need to know:
Amazon iPhone 16 hack warning
I first heard about the Amazon iPhone 16 hacking attack about three months ago. At the time, users on Reddit were complaining that they were receiving calls from a purported Amazon customer service to verify that their smartphone orders were correct. During that time, hacking attacks have occurred multiple times, always involving iPhone 16 orders, and always coming from what appears to be Amazon customer service. Following a TikTok video of a victim claiming that their Amazon account was hacked using this method, another alarming incident has been reported.
The attack appears to have started with a phone call claiming to be from Amazon customer service, suggesting that the account had been compromised and that immediate action was needed. The victim was alarmed and informed her of this, but the caller told her the proof was in her Amazon account and to check her basket for an iPhone 16 order. They did, but there was nothing there. When the so-called Amazon representative asked to refresh the screen, lo and behold, instead of just one order, a total of eight iPhone 16 smartphones were in the cart. Apparently this was enough to convince the person that the account needed to be closed immediately to prevent fraud from occurring. They were told this would include a one-time code sent via text message. I clicked on this code and was prompted to sign out of my Amazon account. Assuming, of course, that the attacker already has access to the customer’s username and password, this would allow them to take control of the account.
Details of this Amazon attack require further investigation
To be honest, there are a lot of loose ends that need to be tied up regarding this latest case, as reported. In particular, the method used to add an iPhone to a customer’s basket, or at least give the appearance of one. Also, the one-time code trick requires that you already know the details of those accounts, which may have been compromised elsewhere and shared credentials used. In any case, consider this a threat at this stage and be aware that Amazon customer service will not call you, ask if your order is correct, or offer to send you a one-time code via text message. I think it’s worth keeping.
I asked Amazon for a statement.