Amazon AirPods Raffle Scam That Could Compromise Prime Accounts of Thousands
One day, you may wake up to the surprising news
of allegedly having won a shiny new pair of Amazon AirPods. At this point,
you’re likely to think to yourself that you don’t remember ever entering such a
raffle, but a prize is a prize, so who cares, right?
Not quite.
The issue here is that the prize is fictitious
and designed exclusively as bait to get you to divulge personal information, and
potentially even to steal your passwords and infect your device with malware.
In fact, the Amazon AirPods raffle scam is being
proliferated to such a massive degree that the Better Business Bureau itself
had to issue a public warning to prevent the unwary from falling for it –
that’s how good these scammers are at doing their job. Even if you’d never fall
for such a thing yourself, chances are you know at least a friend or two who
would. Therefore, a general public warning is more than warranted in the given
situation.
How does the AirPods raffle scam work?
The message masquerades as having come directly
from Amazon. In the body, the so-called “lucky winner” is congratulated
on having won the raffle and told that they may now claim their shiny new set of
Apple AirPods. Some variations of this popular scam list an Apple Watch as the
main prize, but the overall concept is more or less the same. Most frequently,
these fraudulent messages are distributed through Facebook, but in case the
fraudsters have somehow obtained your email address, there’s nothing stopping
them from reaching out to you via email instead.
A mandatory part of the message is a link that’s
most likely appended at the end of the body. Supposedly, this is where you
should navigate to for the purpose of arranging delivery and other minutiae.
Usually, the actual link tends to be masked with some kind of link shortener
service, so the clickable string is comprised of random numbers and characters.
Although shortened links are not a red flag on their own (in fact, many people
use them for legitimate purposes such as trying to fit a message into an input
field with a narrow character limit), hackers and fraudulent actors also use
them to conceal a malicious link.
For obvious reasons, you shouldn’t click on the
link, because it does not lead to a legitimate Amazon-owned web property
(despite what the message may claim). The destination it leads to is nothing
more than a phishing site designed solely for the purpose of stealing your
login credentials. As soon as you enter them, they will be sent straight into
the hacker’s database to do with as they please, including having them leaked
online or misusing them to gain control over your account.
What to do if you’ve been targeted?
If you’ve received the Amazon AirPods raffle
scam message, do not click on it! If you’ve already opened it, close the window
immediately and run an antivirus scan to make sure your device isn’t infected
with any malware. In case you’ve already fallen victim to it and entered any
kind of personal data, you should change your username and password immediately!
Make sure you also change it on other websites if you have the habit of
re-using your passwords for the sake of convenience (in the future, mix them up
a bit and store them in a password manager).
As for your personal data, it can be quite
tricky to remove it once it gets leaked over the internet.
Typically, it ends up in the hands of third-party data brokers so they can
analyze your buying behavior and trade your data for a profit. Although they
sometimes give you a way to opt out, the problem is you’d have to spend ages of
your time filling out complex forms. Even then, some of the less ethical
brokers could re-publish your personal details over time or illegitimately
distribute them to other sources.
The Amazon AirPods raffle scam is just one of many of its kind
Now that you know what the Amazon AirPods raffle
scam involves, don’t think that your work is done. There are hundreds if not
thousands of similar phishing scams circulating in the wild right now, and the only
way to stay safe is to educate yourself properly. The good news is that the
example you’ve studied today will teach you the majority of the red flags to
look out for.
In essence, the warning signs of phishing are:
- A sense of urgency. Hackers may attempt to
trick you into opening the fraudulent phishing message in many ways, but the
common denominator will almost always be some kind of urgency, either to “claim
your prize”, “update your account information”, “fix a mistake” or anything
along these lines.
- Masquerading as a figure of authority. In the
example above, the fraudsters were trying to present themselves as representatives
of Amazon. In other cases, they could try to convince you they’re your boss, a
co-worker, or the administrator of a website you use. The key is to never take
their word for it and check whether the message truly came from a legitimate
source. A misspelled email address is usually a dead giveaway.
- Suspicious-looking links. These could be
designed to look like the real thing but may have typos in them (these are
deliberate, and the link will take you to a domain the hacker controls). The
best practice is to ignore any links someone sends you through any kind of
email or messaging platform and directly type in the target domain straight
into your browser’s URL bar.
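The link checks described above (a shortener hiding the destination, and a host that imitates Amazon without being Amazon-owned) can be automated for a mail or chat filter. The following is an added example, not code from the original article; the domain lists, the `BRAND` constant and the function names are illustrative assumptions, and the sample links are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: short, illustrative lists, not exhaustive.
OWNED_DOMAINS = {"amazon.com", "amazon.co.uk", "amazon.de"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
BRAND = "amazon"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'owned', 'shortener', 'lookalike', 'unrelated' or 'invalid'."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host in SHORTENERS:
        return "shortener"  # real destination is hidden; do not trust the text
    if any(host == d or host.endswith("." + d) for d in OWNED_DOMAINS):
        return "owned"
    # Not an owned domain: does any part of the host imitate the brand?
    for token in re.split(r"[.-]", host):
        if BRAND in token or edit_distance(token, BRAND) <= 1:
            return "lookalike"
    return "unrelated"


# Constructed sample links (the .example hosts are placeholders).
SAMPLES = [
    "https://www.amazon.com/gp/css/order-history",
    "https://bit.ly/xxxxxxx",
    "https://amaz0n-prizes.example/claim",
    "https://amazon.com.delivery-setup.example/login",
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "shortener" or "lookalike" result in a message that claims to come from Amazon is a reason to quarantine or warn. The "owned" result only means the host matches the allow-list, not that the message itself is genuine.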
Conclusion
The Amazon AirPods raffle scam is a testament to
how refined fraudsters can be in their ill-conceived ways. The good news is that
once you learn from this example and train yourself to recognize the signs of
phishing, you’ll be less likely to fall for any similar scams in the future.