Amazon Recall Text Scam Targets Consumers with Phishing Attempts
Severity: Medium (Score: 54.9)
Sources: Bitdefender, Foxnews
Keywords: amazon, recall, text, your, product, safety, scams
Summary
Cybercriminals are executing a phishing scam by sending fake recall notifications via text messages and emails, impersonating Amazon. These messages claim that products ordered by consumers have been recalled due to safety issues, urging recipients to click on links for refunds. The messages often include order numbers and vague safety warnings to appear legitimate. However, they lack specific product details and use suspicious links that do not belong to Amazon. Both articles emphasize that Amazon does not send recall notifications through text messages. Users are advised to verify any unexpected messages and avoid clicking on links. The scam aims to steal personal information, including login credentials and payment details. Amazon has confirmed the ongoing nature of these scams and is working to educate consumers on identifying them.
Key Points:
- Cybercriminals are impersonating Amazon with fake recall notifications.
- Messages often include order details but lack specific product information.
- Amazon does not send recall notifications via text messages.
Detailed Analysis
**Impact** Consumers who have recently purchased products from Amazon are targeted by phishing scams via SMS and email, with potential victims across all geographic regions where Amazon operates. The scam aims to steal Amazon account credentials, payment details, and personal information, risking identity theft and financial loss. There is no specific number of affected individuals reported, but the widespread use of Amazon and the generic nature of the messages suggest a broad scope. The sectors impacted include retail consumers and potentially financial institutions due to stolen payment data.

**Technical Details** The attack vector is phishing via SMS ("smishing") and email, using fake recall notifications that reference recent orders and urge recipients to click malicious links. The phishing pages mimic Amazon’s branding and login screens to harvest credentials and payment information. The scam employs social engineering tactics such as urgency, generic greetings, and fake order numbers. No malware or CVEs are explicitly mentioned. The infrastructure involves disposable or random-looking domains unrelated to Amazon, used to host phishing sites. The kill chain stages include delivery (SMS/email), exploitation (phishing link), and credential theft.

**Recommended Response** Defenders should block and monitor suspicious domains and URLs associated with the scam and deploy phishing detection tools on email and SMS gateways. Users must be educated to verify recall notifications only through official Amazon channels such as the Amazon app, Message Center, or “Your Recalls and Product Safety Alerts” page. Enable multi-factor authentication on Amazon accounts and encourage the use of strong, unique passwords. Mobile security solutions with phishing protection should be installed on user devices to detect and block malicious links. No patches or CVEs are applicable.
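A minimal triage check for the red flags described above (recall wording, delivery by text, links on domains that are not Amazon's). This is an added example, not code from Bitdefender, Fox News or Amazon; the trusted-domain list, the flag names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as Amazon-owned; extend for your region.
TRUSTED_DOMAINS = {"amazon.com"}
LURE_TERMS = ("recall", "safety", "refund")  # wording the page attributes to the scam
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def untrusted_links(text, trusted=TRUSTED_DOMAINS):
    """Return the hosts of links in text that are outside the trusted domains."""
    bad = []
    for url in URL_RE.findall(text):
        try:
            # .hostname drops any "user@" prefix and port, so
            # https://amazon.com@pay.example/ resolves to pay.example.
            host = urlsplit(url.rstrip(".,;:!?)")).hostname or ""
        except ValueError:  # malformed authority: treat as untrusted
            host = url
        if not host_is_trusted(host, trusted):
            bad.append(host)
    return bad

def triage(text, channel):
    """Return red flags for one message; channel is "sms" or "email"."""
    flags = []
    lowered = text.lower()
    if "amazon" in lowered and any(t in lowered for t in LURE_TERMS):
        flags.append("recall-wording")
        if channel == "sms":  # the page: Amazon does not send recalls by text
            flags.append("recall-by-text")
    flags += ["non-amazon-link:" + h for h in untrusted_links(text)]
    return flags

# Constructed sample message, not taken from a real campaign.
SAMPLE_SMS = ("Amazon Safety Notice: an item in order 000-0000000-0000000 has "
              "been recalled. Claim your refund: "
              "https://amazon.com.refund-claim.example/r?id=1")

if __name__ == "__main__":
    print(triage(SAMPLE_SMS, "sms"))
```

The suffix match requires a leading dot, so look-alike hosts that merely start or end with the brand string are still reported as untrusted.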
Source articles (2)
- Amazon Recall Scams — Bitdefender · 2026-05-20
  If you recently ordered something from Amazon and suddenly received a text or email warning that your product has been “recalled” or poses a “serious safety risk,” you may have more than the product t…
- Amazon recall text scam comes with red flags — Foxnews · 2026-05-18
  An unexpected recall text message pops up on your phone. It mentions a familiar company like Amazon, a specific order and a possible safety issue. As a result, it is meant to grab your attention fast…
Timeline
- 2026-05-18 — Fake Amazon recall text reported: Users received texts claiming product recalls, prompting concerns about phishing attempts targeting Amazon customers.
- 2026-05-20 — Bitdefender warns of Amazon recall scams: Bitdefender reported on a wave of scams exploiting consumer trust in Amazon, urging users to verify suspicious messages.
Related entities
- Phishing (Attack Type)
- cyberguy.com (Domain)
- T1566.002 - Spearphishing Link (MITRE ATT&CK)
- T1566 - Phishing (MITRE ATT&CK)
- Android (Platform)
- iOS (Platform)