There are very common scams that always succeed. But users have already become accustomed to them and cybercriminals are forced to innovate. There are scams on the Internet that constantly mutate. Scammers try to change their way of acting to try to get new victims to steal their data or money. Now we are starting to see messages appear about an alleged sale of Amazon mystery boxes. It is false and very dangerous.
In the age of digitalisation, the Internet has become a powerful economic engine for a large number of industries and businesses. Furthermore, at a social level, its impact has also been a significant turning point. However, like any evolution, risks are also present. And, of course, attempted scams are one of the main threats we have to face.
Amazon is the most widely used e-commerce platform in the world. Millions of people buy through this online store. Cybercriminals see it as a huge gold mine and, for this reason, they constantly impersonate it. One of the latest scams detected has to do with Amazon. There is a rumor that a set of mysterious boxes are sold by the e-commerce giant that contain all kinds of products at a very low price. If you don't want to fall for this scam, we are going to tell you how they work, so that you can detect it and avoid falling for it.
Mystery boxes on Amazon
“I was introduced to this by a friend, Amazon was forced to sell 299 mystery boxes at super low prices after the mall closed. You can claim your phone, tablet, TV and other devices!! Share it with you and get it now ”.
This is the full message that is being shared on social media. The final part of the message causes it to spread across Facebook, X and others in the belief that the deal of the century is being revealed. In reality, you are unwittingly being complicit in a dangerous scam.
The post claims that you can get a box of Amazon products for $4.98. However, it's actually a case of phishing, where others are impersonating the e-commerce giant in order to obtain your banking and personal data.
This online scam is taking advantage of a boom in Amazon returns to try to give credibility to its message. If there are initiatives like Amazon Warehouse where reconditioned products are sold... why wouldn't they sell them in the form of surprise boxes to free up stock in Amazon warehouses?
When faced with this type of situation, it is advisable to stop for a second to check if there is something that catches our attention. For example, the number of spelling mistakes we can find in the message we have published can be a good warning sign. However, below we are going to mention some other elements that will allow us to avoid falling into similar situations.
Identity theft
The post indicates that you have to click on the link they mention. After that, you have to pay $5 and in this way you will get a surprise package of products sold by Amazon. It is a tempting offer, because, even if we do not know what the package contains, if its contents are worth anything, we would come out ahead.
The message that is shared, far from being one of the cases in which it is really difficult to distinguish reality from impersonation, gives us clues that alert us to the false relationship with Amazon. First of all, the “closing of the shopping center” does not apply much to online commerce, at most it would be the closure of one of the stores. As for the final recommendation of “share it with you”, it already makes it clear to us that this does not make sense.
However, the domain of this website to which they direct (URL hidden under a link shortener) has no relation to the official page, “amazon.es”, nor does it have any relation to the company founded by Jeff Bezos.
When you click on the scam link, you will see supposed boxes full of Amazon products. As an excuse for the cheap prices, they explain in a text that they are things returned by customers of the platform. However, this is false. You won't even get a package at home, but what they are looking for is your bank card information. The way it works after starting the payment process is similar to other scams. They will ask us for our credit card details, including the expiration date and CVV, and after this an error message will appear when processing the transaction.
Amazon has a section on its website dedicated specifically to “Identifying if an email, call, SMS or website is from Amazon”. Here you can see some recommendations to avoid falling for an impersonation. And, in addition, it is advisable that before falling for any type of similar action that generates certain doubts, we go to the company's official channels to resolve any questions that may arise.
“Links to legitimate Amazon websites start with https://www.amazon.es or the equivalent if you are visiting an international Amazon website (for example, https://www.amazon.fr if you are on the French site). Legitimate Amazon websites have a period before amazon.es, such as https://www.algo.amazon.es or algo.amazon.co.uk. For example, Amazon Pay is https://pay.amazon.es. The text before the period will never be an IP address (string of numbers), such as http://123.456.789.123/amazon.es/ ”.
In the case of this scam, the domain of the website has been detected as roarlm.cyou. This has nothing to do with the Amazon website, as the company tells us. However, this fraudulent domain may be just one of many that are being used to impersonate the brand. Therefore, be on the lookout for any type of changes in the URL shared with the supposed mystery boxes.
Other ways to avoid falling for this type of scam
As we have stressed in the previous lines, you can identify a scam attempt by carefully studying all the details of the message you receive, but in certain cases it is very easy to become a victim of fraud. Therefore, one of the most important tips to prevent fraud is to look at the sender's email address and see that it does not contain a domain that you do not know. Also, the company image and names may not be real, even if they seem so.
It is therefore worth mentioning that you should never provide personal data or passwords if they ask you for them. No official company will ask you for sensitive data to carry out checks. It is also not advisable to click on any of the links included in the text message or download attached files that can be fatal for computers. Therefore, you should ignore them immediately.
In addition, you should keep yourself informed on the Internet about the latest techniques used by scammers and see what modus operandi they are using so as not to fall into the trap. It is a way of receiving this type of information through the social engineering they carry out to persuade their victims. To do this, you can always go to the official website of INCIBE and the Internet Security Office (OSI) to become aware of the bad practices of these types of individuals.
It never hurts to check your name on Google searches from time to time to make sure that your identity has not been stolen and that they are not pretending to be you in order to talk to your loved ones and try to trick them with their weapons of persuasion. If this is the case, you should immediately go to a police station to report the case and take the appropriate measures so that they do not cause more damage than has already been done.
Finally, be wary of any information you receive about winning a prize or a gift. Nobody gives anything away for free or gives away anything for nothing. Now it's up to you to put all these tricks into practice to prevent cybercriminals from achieving their goals.