An Amazon one-time password (OTP) is a security feature that adds an extra layer of protection to your account.
Essentially, this is a form of two-factor authentication. Amazon sends a unique code to your email address or mobile phone that you need to enter in order to complete certain actions, such as:
- change your password
- log in from an unknown device
- access certain sensitive account information
- make a high-ticket purchase
On the face of it, an OTP is an excellent security feature. However, if you’re new to the process, it could also make you vulnerable to an Amazon OTP scam.
How the Amazon OTP scam works
There are several types of potential Amazon OTP code scam, so let’s explore what they are and how you can protect yourself.
Amazon OTP delivery scam
This Amazon OTP text scam is associated with deliveries. When you purchase an expensive item, the company wants to ensure it is delivered to you. This protects not just you but Amazon and the marketplace seller.
The process is pretty simple. When the courier arrives with your package, they initiate the check and request a six-digit one-time code as confirmation of receipt.
You’re happy because your package has arrived. The courier is also happy because they know only you can give the correct code. After all, it is tied to your phone number and account.
The scam could be with the package itself.
Numerous reports have surfaced in the past year where customers have received what appear to be Amazon packages and have entered the code. However, upon opening their package, it was a different, cheaper item or missing altogether.
Once you enter the code, Amazon considers it proof of delivery. Unfortunately, the marketplace has been reluctant to issue refunds in such instances.
The delivery scam can theoretically happen at multiple levels in the chain.
- A fraudulent seller can deliberately send a cheaper item and is protected because you have supposedly ‘confirmed’ receipt with the OTP.
- Someone who handles the package before the courier could switch the package.
- A fraudulent courier could also switch the parcel or omit the expensive item from a multiple parcel delivery while en-route.
Of course, it can also be a genuine error. A seller could quite reasonably send the wrong item by mistake, and it’s not uncommon for warehouse staff and couriers to mix up items along the way.
Amazon OTP phishing scam
The Amazon login OTP email scam is a traditional phishing attempt that aims to steal your Amazon password or infect your device with malware for future cyberattacks.
Its aim is to trick you into thinking it’s a legitimate attempt to secure your account or confirm an action. However, clicking the link contained within the email will take you to a fake Amazon sign-in page to harvest your password and/or infect your device.
On mobile, you can also get an Amazon OTP code text scam following the same pattern.
OTP phone call
Usually accompanying an unsolicited OTP message, a scam phone call may reference the message and then proceed to ask for private account information.
Hackers using genuine OTP against you
The final scam is much rarer and relies on the breach of your email account or mobile phone.
When you sign into Amazon from a different device, location, or when other data doesn’t align with your usual login habits, Amazon might send you an OTP to confirm it’s you.
However, if a criminal already has access to your email or phone, they can easily obtain the code and sign in.
If you are getting lots of sign-in OTPs, your Amazon account password might have been compromised, but your email or phone is safe.
Start a clean login from your browser and quickly change your password!
How to protect yourself from Amazon OTP scam
You can protect yourself from OTP scams by taking some extra precautions. Here are some useful tips:
The right to check your Amazon package
Although many people don’t bother, you are well within your rights to open the Amazon package before formally accepting it from the courier.
While you should do this for any item you don’t want to risk losing, it’s even more critical in light of the OTP delivery issue.
Politely inform the courier you wish to check the package before entering the OTP. In the rare chance they refuse to let you do this, you’re protected because you never entered the code.
In this case, the driver must return the package and risk reprimand for failing to deliver.
Either the delivery will be attempted the following day, or it will be returned to the seller, and you will be entitled to a refund.
Use a credit card for all purchases
Unlike debit cards tied to your bank account, credit cards come with extra protections for buyers. The card company will perform a chargeback on your behalf for probable fraud. This refunds your money and revokes it from Amazon and the seller.
The best way to avoid an Amazon text scam about OTP confirmation is to never respond to them.
You will only receive a genuine one-time passcode if you are actively logging into your account, changing your password, or if a courier is at your door.
If you receive a code out of the blue. I.e., you haven’t accessed your account in days, and no deliveries are due, it’s either a scam or an error.
Important: A genuine OTP message will never require you to click or tap a link within the message. So as long as you never do this, you cannot be scammed.
Reset your password by going directly to Amazon
If you receive one or several unsolicited OTP messages, it’s possible someone is trying to gain unauthorized access to your account and triggering the two-factor authentication process.
Even if Amazon hasn’t emailed you about suspicious activity, it’s a good idea to reset your password.
Important: Always initiate the password reset process by opening a fresh browser tab and typing Amazon.com (or your country’s domain) into the address bar yourself.
Never open a link within an email or SMS message asking to reset your password if you haven’t requested one. This could be a phishing attempt.
Never give information over the phone
If you receive an unsolicited OTP message, shortly followed by a phone call, end the call and block the number.
Amazon does not make phone calls to verify OTPs and will never ask for account passwords or other personal information over the phone.
How to recognize fraudulent OTPs
If you suspect an OTP message is fraudulent, there are several things to look out for.
- There are links included: Legitimate OTP messages only contain the code. There will never be a link you can click or tap.
- The email sender is suspicious: Although this can be spoofed, poor phishing attempts will visibly come from a fake Amazon email address. This could be misspelled, e.g., firstname.lastname@example.org, or a completely different domain like: email@example.com.
- The phone number is suspicious: SMS text messages usually carry the Amazon name, not a standard phone number. However, if a number is visible, a simple Google search will reveal whether it’s genuine or spam.
- Images don’t load or are poor quality: Header images or logos might not load at all, or if they do, they look low quality or unofficial.
How to report Amazon OTP scams?
If you have become a scam target, you can save or screenshot the email or text and send it to: firstname.lastname@example.org
You can also forward emails to the same address, but Amazon prefers attachments.
If you believe your account has been compromised because of an OTP scam, you must visit the unauthorized activity reporting page.
If you have not received the correct item after an OTP delivery, you have 90 days to report it.
It’s a good idea to leave the incorrect item in the box and take a photo of it. You can attach it when corresponding with the seller and Amazon.
- First, contact the seller directly if it was a marketplace order. If they do not respond adequately, you can escalate the issue with Amazon.
- If the order was fulfilled by Amazon, you can contact customer service.
- After 14 days, you can go to your order history and file a claim, which escalates the process.
- If you used a credit card, you can request a chargeback from the credit card company. And while your bank is not obliged to do this with debit card purchases, many will do so as a gesture of goodwill.
What’s Amazon’s response?
After some media pressure, Amazon is now more willing to investigate missing or incorrect items related to OTP deliveries. First, however, you will need to proceed through the existing channels listed above.
If your account is in good standing, you will likely receive a refund or reship.
You must always remain vigilant when using the internet. Fortunately, it’s very unlikely to fall victim to an Amazon OTP scam unless you actively respond to the message or phone call involved.
Also, always open your package and make sure it matches your order before entering an OTP.
And in case you encounter a scam attempt, report the issue immediately so Amazon can take action against the fraudsters behind it.