- Receiving an Amazon OTP Text Out of the Blue
- What Happens If I Give Someone My 2SV Code?
- Don’t Have 2-Step Verification Enabled? Do It Now!
- Links From Amazon Requesting Account Access
- Frequently Asked Questions
An Amazon one-time password (OTP) could mean one of two things. Either an OTP that is required to complete a high-value delivery or one that’s sent for two-factor authentication (2FA) to gain access to your account. Either way, they’re real and genuinely sent from Amazon to offer extra protection to your account and deliveries. However, if you receive an Amazon OTP text message when you weren’t even trying to log into your account, it means someone else is trying to log in.
- Financial Fraud Protection
- Identity Theft Protection
- Family Protection & VPN
Receiving an Amazon OTP Text Out of the Blue
You should only receive an Amazon OTP text message—also referred to as two-step verification (2SV)—if you’re trying to log into your Amazon account from a new device or browser.
This means you’ve entered your username and password and now need to enter your 2SV code (or your OTP) you received via text message. This is an added level of security for your account and pretty standard these days.
If you receive an Amazon OTP text out of the blue (i.e., when you weren’t trying to log into your account), it means someone else is trying to log in.
Amazon Delivery OTPs Are Different
Delivery OTPs are codes you must provide your Amazon delivery driver to accept specific packages (usually high-value items). In some other countries, Amazon sends delivery OTPs via text, but in the U.S., they are only sent via email.
In the U.S., if you receive a code via text from Amazon, it’s a 2SV code for access to your account—it’s not for deliveries.
Steps to Take After Receiving an Amazon OTP Text
If you receive a 2SV code (Amazon OTP text) out of the blue, you can ignore it. DO NOT under any circumstances give this code to anyone. This code is for your eyes only and is the last line of defense for your Amazon account.
If the text message contains a link, don’t click it. Amazon 2SV/OTP text messages don’t include links, just the code. If the text message you receive has a link, it’s likely a scam to steal your information.
Although your Amazon account is technically safe, since the scammer trying to log into your account won’t be able to without this 2SV code, it does mean someone has your username and password. Be sure to update your password asap. If you don't use strong passwords for every one of your accounts that is unique, at least 12 characters long and uses upper and lowercase letters, numbers and special symbols, your other accounts may be vulnerable to getting hacked.
If you need a tool to help you generate strong passwords, that you can access securely from any device you can use 1Password.
It only takes a few minutes to sign up for 1Password and you can try it for 14 days for free and then $2.99 per month after that, which if you can spare it, is a small price to pay to protect yourself.
There is an option for families and 1Password is currently offering 50% off for the first 12 months.
You might be wondering, how did the scammer get your login credentials in the first place? There are several ways, including via:
- A data breach
- A successful phishing attempt (including via malware)
Did An “Amazon Representative” Call You?
Scammers may pretend to represent Amazon and call you to access your account. They may say they need you to verify your account/identity to fix a problem and ask you for the OTP. This is a scam!
Don’t ever give anyone your 2SV, OTP, or 2FA code. This applies to any online account, whether it be Amazon, Venmo, your email, etc.
What Happens If I Give Someone My 2SV Code?
Anyone who asks for your Amazon 2SV code likely already has your username and password and needs this one last thing to gain access to your account. If you give them the code, they’ll be able to log in (just as you would) and start purchasing items using your saved payment methods.
It may take you a while to realize what’s happening, and it will be hard to catch the scammer because they will:
- Change your saved email address to a temporary “burner” email so you don’t receive notifications of purchases
- Change your saved phone number to a temporary “burner” number so you don’t receive notifications
- Send packages to someone else’s address (or a public location) and be there to pick them up (therefore continuing to mask their identity)
- Lock you out of your account and change your password and security settings
Don’t Have 2-Step Verification Enabled? Do It Now!
Adding a layer of security to your Amazon account is crucial to keep out hackers and thieves who want to make unauthorized purchases, charging them to your credit card. Setting it up is easy. Follow these steps:
Log into your Amazon account.
- Hover over “Account & Lists” (top right-hand corner).
- Click “Account.”
- Click the “Login & security” button/tile.
- Re-enter your amazon password if prompted.
- Next to “Two-Step Verification (2SV) Settings,” click “Edit.”
- Click “Get Started.”
- Follow the steps to set up your 2SV.
You’ll have the option to either send the 2SV/OTP to your phone or to generate the codes from an authenticator app (e.g., Google Authenticator). We recommend using an authenticator app instead of text messages for all 2SV so that hackers can't use the SIM Swapping hack to gain access to your protected accounts.
You should keep 2SV enabled to protect your Amazon account from scammers and hackers.
Links From Amazon Requesting Account Access
If you receive a text/email (or both) from Amazon saying someone is trying to access your account data, this is more serious. It means someone has already managed to log into your Amazon account and is now trying to access your security settings.
Whenever you want to access your account's security settings, Amazon requires that you re-enter your password, then approve the access via a link sent to your phone and email.
If it wasn't you that was trying to access your security settings, don't click the link and don't approve the request. Doing that will give the hacker access to your security settings, and they can essentially lock you out of your account.
Other Types of Scam Texts to Be Aware Of
Scammers are sending more and more scam text messages pretending to be from legitimate companies and banks:
- Capital One
- Citizens Bank
- Navy Federal
- Wells Fargo
Don't click on links within these texts or call the phone number listed. You should always find the genuine number for the company on their official website.