- Receiving an Amazon OTP Text Out of the Blue
- What Happens If I Give Someone My 2SV Code?
- Don’t Have 2-Step Verification Enabled? Do It Now!
- Links From Amazon Requesting Account Access
- Frequently Asked Questions
An Amazon one-time password (OTP) could mean one of two things. Either an OTP that is required to complete a high-value delivery or one that’s sent for two-factor authentication (2FA) to gain access to your account. Either way, they’re real and genuinely sent from Amazon to offer extra protection to your account and deliveries. However, if you receive an Amazon OTP text message when you weren’t even trying to log into your account, it means someone else is trying to log in.
Receiving an Amazon OTP Text Out of the Blue
You should only receive an Amazon OTP text message—also referred to as two-step verification (2SV)—if you’re trying to log into your Amazon account from a new device or browser.
This means you’ve entered your username and password and now need to enter your 2SV code (or your OTP) you received via text message. This is an added level of security for your account and pretty standard these days.
If you receive an Amazon OTP text out of the blue (i.e., when you weren’t trying to log into your account), it means someone else is trying to log in.
Amazon Delivery OTPs Are Different
Delivery OTPs are codes you must provide your Amazon delivery driver to accept specific packages (usually high-value items). In some other countries, Amazon sends delivery OTPs via text, but in the U.S., they are only sent via email.
In the U.S., if you receive a code via text from Amazon, it’s a 2SV code for access to your account—it’s not for deliveries.
Steps to Take After Receiving an Amazon OTP Text
If you receive a 2SV code (Amazon OTP text) out of the blue, you can ignore it. DO NOT under any circumstances give this code to anyone. This code is for your eyes only and is the last line of defense for your Amazon account.
Although your Amazon account is technically safe, since the scammer trying to log into your account won’t be able to without this 2SV code, it does mean someone has your username and password. Be sure to:
- Change your Amazon password (change it to something unique and hard to guess).
- Change your login information for any other accounts that share the same password.
If the text message contains a link, don’t click it. Amazon 2SV/OTP text messages don’t include links, just the code. If the text message you receive has a link, it’s likely a scam to steal your information.
How did the scammer get your login credentials in the first place? There are several ways, including via:
- A data breach
- A successful phishing attempt (including via malware)
Did An “Amazon Representative” Call You?
Scammers may pretend to represent Amazon and call you to access your account. They may say they need you to verify your account/identity to fix a problem and ask you for the OTP. This is a scam!
- Thousands of brands, millions of products
- Free shipping on millions of items
- Free One-Day delivery with Amazon Prime, available coast to coast
What Happens If I Give Someone My 2SV Code?
Anyone who asks for your Amazon 2SV code likely already has your username and password and needs this one last thing to gain access to your account. If you give them the code, they’ll be able to log in (just as you would) and start purchasing items using your saved payment methods.
It may take you a while to realize what’s happening, and it will be hard to catch the scammer because they will:
- Change your saved email address to a temporary “burner” email so you don’t receive notifications of purchases
- Change your saved phone number to a temporary “burner” number so you don’t receive notifications
- Send packages to someone else’s address (or a public location) and be there to pick them up (therefore continuing to mask their identity)
- Lock you out of your account and change your password and security settings
Don’t Have 2-Step Verification Enabled? Do It Now!
Adding a layer of security to your Amazon account is crucial to keep out hackers and thieves who want to make unauthorized purchases, charging them to your credit card. Setting it up is easy. Follow these steps:
Log into your Amazon account.
- Hover over “Account & Lists” (top right-hand corner).
- Click “Account.”
- Click the “Login & security” button/tile.
- Re-enter your amazon password if prompted.
- Next to “Two-Step Verification (2SV) Settings,” click “Edit.”
- Click “Get Started.”
- Follow the steps to set up your 2SV.
You’ll have the option to either send the 2SV/OTP to your phone or to generate the codes from an authenticator app (e.g., Google Authenticator).
We recommend keeping your 2SV enabled to protect your Amazon account from scammers and hackers.
Links From Amazon Requesting Account Access
If you receive a text/email (or both) from Amazon saying someone is trying to access your account data, this is more serious. It means someone has already managed to log into your Amazon account and is now trying to access your security settings.
Whenever you want to access your account's security settings, Amazon requires that you re-enter your password, then approve the access via a link sent to your phone and email.
If it wasn't you that was trying to access your security settings, don't click the link and don't approve the request. Doing that will give the hacker access to your security settings, and they can essentially lock you out of your account.