Identified Scam:

Received an Amazon OTP Text? It Could Be a Scam

If you received an Amazon OTP text message out of the blue, it could be a sign that someone else is trying to log into your account.


Verified.org
Updated 16 August 2022
Received an Amazon OTP Text? It Could Be a Scam
Identified Scam:
Key Finding

Receiving an Amazon one-time password via text means someone is trying to log into your account.


Key Risk

As long as you don't give your one-time password to anyone, your account will be protected. However, you need to change your Amazon password.

Sections on this page
  1. Receiving an Amazon OTP Text Out of the Blue
  2. What Happens If I Give Someone My 2SV Code?
  3. Don’t Have 2-Step Verification Enabled? Do It Now!
  4. Links From Amazon Requesting Account Access
  5. Frequently Asked Questions

An Amazon one-time password (OTP) could mean one of two things. Either an OTP that is required to complete a high-value delivery or one that’s sent for two-factor authentication (2FA) to gain access to your account. Either way, they’re real and genuinely sent from Amazon to offer extra protection to your account and deliveries. However, if you receive an Amazon OTP text message when you weren’t even trying to log into your account, it means someone else is trying to log in. 

All-In-One Protection Including Identity Protection
All-In-One Protection Including Identity Protection
  • Financial Fraud Protection
  • Identity Theft Protection
  • Family Protection & VPN

All-In-One Security
Identity Protection, Password Manager, Credit Lock, Parental Controls
Try A No-Risk 14 Day Free Trial

Receiving an Amazon OTP Text Out of the Blue

You should only receive an Amazon OTP text message—also referred to as two-step verification (2SV)—if you’re trying to log into your Amazon account from a new device or browser. 

Example of an Amazon OTP text.
These OTP text messages from Amazon are legitimate. However, if you didn't try to log into your account, it may mean someone else is trying to.

This means you’ve entered your username and password and now need to enter your 2SV code (or your OTP) you received via text message. This is an added level of security for your account and pretty standard these days. 

If you receive an Amazon OTP text out of the blue (i.e., when you weren’t trying to log into your account), it means someone else is trying to log in. 

Amazon Delivery OTPs Are Different

Delivery OTPs are codes you must provide your Amazon delivery driver to accept specific packages (usually high-value items). In some other countries, Amazon sends delivery OTPs via text, but in the U.S., they are only sent via email.

In the U.S., if you receive a code via text from Amazon, it’s a 2SV code for access to your account—it’s not for deliveries.

Steps to Take After Receiving an Amazon OTP Text

If you receive a 2SV code (Amazon OTP text) out of the blue, you can ignore it. DO NOT under any circumstances give this code to anyone. This code is for your eyes only and is the last line of defense for your Amazon account.

If the text message contains a link, don’t click it. Amazon 2SV/OTP text messages don’t include links, just the code. If the text message you receive has a link, it’s likely a scam to steal your information. 

Although your Amazon account is technically safe, since the scammer trying to log into your account won’t be able to without this 2SV code, it does mean someone has your username and password. Be sure to update your password asap. If you don't use strong passwords for every one of your accounts that is unique, at least 12 characters long and uses upper and lowercase letters, numbers and special symbols, your other accounts may be vulnerable to getting hacked.

If you need a tool to help you generate strong passwords, that you can access securely from any device you can use 1Password.

It only takes a few minutes to sign up for 1Password and you can try it for 14 days for free and then $2.99 per month after that, which if you can spare it, is a small price to pay to protect yourself.

There is an option for families and 1Password is currently offering 50% off for the first 12 months

You might be wondering, how did the scammer get your login credentials in the first place? There are several ways, including via:

  • A data breach
  • Hacking
  • A successful phishing attempt (including via malware)

Did An “Amazon Representative” Call You?

Scammers may pretend to represent Amazon and call you to access your account. They may say they need you to verify your account/identity to fix a problem and ask you for the OTP. This is a scam!

Don’t ever give anyone your 2SV, OTP, or 2FA code. This applies to any online account, whether it be Amazon, Venmo, your email, etc. 

What Happens If I Give Someone My 2SV Code?

Anyone who asks for your Amazon 2SV code likely already has your username and password and needs this one last thing to gain access to your account. If you give them the code, they’ll be able to log in (just as you would) and start purchasing items using your saved payment methods. 

It may take you a while to realize what’s happening, and it will be hard to catch the scammer because they will: 

  • Change your saved email address to a temporary “burner” email so you don’t receive notifications of purchases
  • Change your saved phone number to a temporary “burner” number so you don’t receive notifications
  • Send packages to someone else’s address (or a public location) and be there to pick them up (therefore continuing to mask their identity)
  • Lock you out of your account and change your password and security settings

Don’t Have 2-Step Verification Enabled? Do It Now!

Adding a layer of security to your Amazon account is crucial to keep out hackers and thieves who want to make unauthorized purchases, charging them to your credit card. Setting it up is easy. Follow these steps: 

Log into your Amazon account.

  • Hover over “Account & Lists” (top right-hand corner). 
  • Click “Account.”
  • Click the “Login & security” button/tile.
  • Re-enter your amazon password if prompted.
  • Next to “Two-Step Verification (2SV) Settings,” click “Edit.” 
  • Click “Get Started.” 
  • Follow the steps to set up your 2SV. 

You’ll have the option to either send the 2SV/OTP to your phone or to generate the codes from an authenticator app (e.g., Google Authenticator). We recommend using an authenticator app instead of text messages for all 2SV so that hackers can't use the SIM Swapping hack to gain access to your protected accounts.

You should keep 2SV enabled to protect your Amazon account from scammers and hackers. 

Links From Amazon Requesting Account Access

If you receive a text/email (or both) from Amazon saying someone is trying to access your account data, this is more serious. It means someone has already managed to log into your Amazon account and is now trying to access your security settings. 

Whenever you want to access your account's security settings, Amazon requires that you re-enter your password, then approve the access via a link sent to your phone and email. 

Amazon account data access text message.
While these text messages are legitimate and from Amazon, if you weren't the one trying to access your security settings, someone else is.

If it wasn't you that was trying to access your security settings, don't click the link and don't approve the request. Doing that will give the hacker access to your security settings, and they can essentially lock you out of your account. 

Approval screen for Amazon account access.
If you're not the one trying to access your Amazon account settings, deny the access.

Other Types of Scam Texts to Be Aware Of

Scammers are sending more and more scam text messages pretending to be from legitimate companies and banks (e.g., Citibank and Chase). Don't click on links within these texts or call the phone number listed. 

Frequently Asked Questions

Why did I receive an Amazon OTP text?

If you receive an Amazon OTP text, it means you have two-step verification enabled on your account, and someone is trying to log in. If you're not the one trying to log in, it means someone has your username and password—change your Amazon password immediately. 

Is my Amazon account automatically set up with 2-step verification?

No. You will need to enable 2SV for your Amazon account by visiting your security settings.

Is there another way to receive one-time passwords other than via text message?

Yes. When you enable 2SV on your Amazon account, you can choose between receiving your one-time password via:

  • Text message
  • Voice call
  • An authenticator app

Can I give an Amazon representative my one-time password?

No. Do not give anyone your one-time password unless it's a delivery OTP that you need to accept the delivery of an expensive item. 

If someone asks for your 2SV code (i.e., your one-time password), they're trying to access your Amazon account. Amazon will never ask for your 2SV code.

About This Article


Share This Article to Help Others

Comments

Featured Reads