Fake Amazon Security Alert

One reader caught this typosquatting scam before clicking — here’s how the hosers are stealing Amazon credentials with a single character trick

One of my readers forwarded me an email this week that looked like it came from Amazon. “Unauthorized purchase detected on your account. Verify immediately or lose access.” The email address? security@amaz0n-alerts.xyz. See it? That’s not an “o” in Amazon. It’s a zero. The hosers registered a lookalike domain and sent thousands of emails claiming unauthorized purchases. Click “Verify Your Account” and you land on a page that harvests your Amazon login credentials. Here’s how the scam works and what to do if you get one.

The Email That Almost Fooled Someone

Here’s what the email looked like:

From: security@amaz0n-alerts.xyz

Subject: Unauthorized Purchase Detected on Your Account

Body:

“We detected an unauthorized purchase of $347.99 on your Amazon account. If you did not make this purchase, verify your account immediately to prevent further charges.”

“Click here to verify your account: [Verify Now]”

“Failure to verify within 24 hours will result in permanent account suspension.”

Classic pressure tactics:

  • Urgency: “Verify within 24 hours or lose your account”
  • Fear: “Unauthorized purchase” and “permanent suspension”
  • Legitimacy: Amazon logo, professional formatting, official-sounding language
  • Hidden trick: The sender’s email isn’t from amazon.com

Most people don’t look closely at the sender’s email address. They see “Amazon,” they see a security alert, they panic, and they click.

What Is Typosquatting?

Typosquatting (also called domain spoofing or URL hijacking) is when scammers register domain names that look almost identical to legitimate websites. They rely on you not noticing the tiny difference.

Common typosquatting tricks:

Replacing Letters with Numbers or Symbols

Real: amazon.com
Fake: amaz0n.com (zero instead of “o”)
Fake: amaz0n-alerts.xyz (this actual scam)

Adding or Removing Letters

Real: paypal.com
Fake: paypai.com (i instead of the final l)
Fake: paypall.com (extra l)

Using Different Top-Level Domains

Real: microsoft.com
Fake: microsoft.net
Fake: microsoft-support.xyz

Adding Hyphens or Extra Words

Real: bankofamerica.com
Fake: bank-of-america.com
Fake: bankofamerica-security.com

Why it works: Your brain sees what it expects to see. You’re used to seeing “amazon.com” so when you glance at “amaz0n-alerts.xyz,” your brain autocorrects it. You don’t consciously register the zero or the weird domain extension. That split-second of inattention is all the hosers need.
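The four tricks listed in this section can be checked mechanically against a sender's address. The Python sketch below is an added example, not code from ForwardToSafety or from the original post; the brand allow-list, the digit-fold table and the function names are assumptions made for illustration.

```python
# Constructed allow-list (assumption): brand label -> its legitimate domain.
BRANDS = {"amazon": "amazon.com", "paypal": "paypal.com",
          "microsoft": "microsoft.com", "bankofamerica": "bankofamerica.com"}
# Digit-for-letter swaps to undo before comparing (illustrative, not exhaustive).
FOLD = str.maketrans("01357", "olest")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(label, brand):
    """Name the trick that makes one DNS label resemble a brand, else None."""
    plain = label.replace("-", "")      # hyphens removed
    folded = plain.translate(FOLD)      # digits mapped back to letters
    if label == brand:
        return "wrong-domain"           # right name, wrong TLD or parent domain
    if brand in plain:
        return "padded"                 # hyphens or extra words around the brand
    if brand in folded:
        return "substitution"           # amaz0n reads as amazon
    if edit_distance(folded, brand) <= 1:
        return "near-miss"              # one letter added, dropped or swapped
    return None


def check_sender(address):
    """Return (verdict, trick, brand) for the domain of a From: address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for brand, real in BRANDS.items():
        if domain == real or domain.endswith("." + real):
            return ("legitimate", None, brand)
    for label in domain.split(".")[:-1]:    # every label except the TLD
        for brand in BRANDS:
            trick = classify(label, brand)
            if trick:
                return ("lookalike", trick, brand)
    return ("unknown", None, None)


if __name__ == "__main__":
    # Domains from the examples above; the local parts are constructed.
    for sender in ("security@amaz0n-alerts.xyz", "orders@amazon.com",
                   "help@paypai.com", "info@microsoft.net"):
        print(sender, check_sender(sender))
```

A result of "unknown" only means the domain resembles none of the listed brands; it says nothing about whether the sender is trustworthy.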

What Happens When You Click

If you click the “Verify Your Account” link in that fake Amazon email, here’s what happens:

Step 1: You land on a fake Amazon login page

The page looks exactly like the real Amazon login. Same colors. Same logo. Same layout. The URL might even say something like “amazon-verification.xyz” or “secure-amazon.net” — close enough that you don’t notice it’s not amazon.com.

Step 2: You enter your Amazon email and password

You’re trying to “verify” your account, so you type in your Amazon credentials. The page might even ask for your two-factor authentication code to make it look more legitimate.

Step 3: The scammers now have everything they need

Your email, password, and potentially your 2FA code. They log into your real Amazon account. They change your password. They order expensive items using your saved payment methods. They change the shipping address to a package forwarding service. By the time you realize what happened, they’re gone and you’re stuck disputing fraudulent charges.

This isn’t a hypothetical. This is exactly what happens. Thousands of people fall for these typosquatting scams every week.

How I Built ForwardToSafety (And Why It Caught This in 47 Seconds)

I’ve been in cybersecurity for 50 years. I present to FBI InfraGard. My clients have a perfect track record against ransomware attacks. And my own father still fell for a phishing email.

It happened on a Tuesday. He got an email that looked like it came from his bank. There was a problem with his account. Click here to verify. He clicked. He entered his credentials.

My stepmother noticed a remote access program running on his computer and called me. I connected remotely and found scammers actively searching his hard drive for financial documents. They were looking for a spreadsheet with all his bank account numbers and passwords.

We caught them before they found it. We were lucky.

That’s when I asked myself: What would I build if the person I was protecting was my father?

The answer was ForwardToSafety.

When I ran this fake Amazon email through ForwardToSafety:

Time to verdict: 47 seconds

Result: Dangerous

Threats detected:

  • Typosquatting domain (amaz0n-alerts.xyz)
  • Credential harvesting form detected on landing page
  • Spoofed sender identity (pretending to be Amazon)
  • Urgency tactics and threats of account suspension
  • Domain registered less than 7 days ago

No software to install. No technical knowledge required. Just forward the suspicious email to try@forwardtosafety.com and get a plain-English verdict: Safe, Suspicious, or Dangerous.

Three Ways to Protect Yourself from Typosquatting Scams

1. Always Check the Sender’s Email Address

Don’t just look at the sender’s display name (“Amazon Security”). Click on it to see the actual email address. Real Amazon emails come from @amazon.com. If you see @amaz0n-alerts.xyz or @amazon-security.net or any variation, it’s fake.

Pro tip: Bookmark the real websites you use frequently (amazon.com, paypal.com, bankofamerica.com). Always go to these sites through your bookmarks, never through email links.

2. Go to the Real Website Yourself

If you get an email about an unauthorized Amazon purchase, don’t click the link in the email. Close the email. Open your browser. Type amazon.com yourself. Log in. Check your recent orders. If there’s really an unauthorized purchase, you’ll see it there.

The same goes for bank emails, PayPal, Social Security, Medicare, or any other account. Don’t trust the email. Go to the official website yourself.

3. Forward Suspicious Emails to ForwardToSafety

When in doubt, don’t guess. Forward the suspicious email to try@forwardtosafety.com. You’ll get a verdict in about 47 seconds: Safe, Suspicious, or Dangerous.

No signup. No app. No technical knowledge required. Just forward and know for sure.


The bottom line

Typosquatting scams work because your brain sees what it expects to see. One reader caught this fake Amazon email before clicking, but thousands of others didn’t. The hosers registered amaz0n-alerts.xyz (with a zero instead of an “o”), sent emails claiming unauthorized purchases, and harvested Amazon credentials from anyone who clicked. Always check the sender’s email address. Always go to the real website yourself instead of clicking email links. And when you’re not sure, forward the suspicious email to ForwardToSafety and get a verdict in under a minute. That’s how you stay one step ahead of the hosers.
