Overview
- Scam SMS messages claim a product recall and push recipients to a convincing fake Amazon sign-in page that captures credentials.
- Which? found the phishing site live and said the texts have come from a UK mobile number that is likely to be spoofed.
- The fraudulent website was registered last week and copied Amazon’s branding and login flow, including a prompt to create a new account.
- Security researchers at Guardio and media outlets warn users to avoid links in messages and to verify orders only through the official website or app.
- Customers are urged to enable passkeys or non‑SMS two-factor authentication, change passwords if they clicked, and report messages to reportascam@amazon.com and the NCSC.