If you’re one of those people who uses the same password for all apps and websites… you’ve got a problem, and a big one. Amazon has had to sound the alarm for consumers, almost like a slap on the wrist, because attempts to steal passwords have shot up by 1000% in just two days. Yes, one thousand percent, absolute madness. They’re trying everything: fake messages with supposed refunds, cloned pages, passwords leaked from other websites… and if on top of that you’re using an easy or repeated password, you’re basically leaving the door open to practically your whole life.
Even though Amazon has reinforced its security and recommends things like passkeys and two-step verification, there are still millions of accounts protected with passwords like “123456” or “dogname22”. Spoiler: that’s not good enough anymore (and it wasn’t years ago either…)
The latest scam
The trending cyberattack comes via SMS. They tell you you’re getting money back for something you bought, you click (because who wouldn’t want to get money back) and you end up on a page that looks like Amazon, exactly like Amazon, same logo, same colors, same layout… But it’s not Amazon. It’s a clone designed to steal your password. A phishing scam.
The FTC and the Better Business Bureau have already warned that this scam is being refined to sneak past all filters and take advantage of anyone who doesn’t notice.
The leaked passwords: the hole where everything gets in
Beyond the SMS scams, many hackers don’t even bother tricking you: they use passwords that have already been stolen from other websites. According to CyberGhost, 81% of accounts that get hacked fall due to weak passwords. And more than half of people repeat the same password everywhere. So if your password was stolen from a recipe site in 2018 and it’s the same one you use for Amazon… well, you’ve done the hackers’ job for them.
How to protect your account
Amazon asks that you activate passkeys and two-factor authentication (2FA). It’s the quickest way to make it harder for anyone trying to get in without permission. And if you’re using a password that already appears in a data breach (you can check easily in your browser), change it now.
Avoid predictable stuff: no birth dates, pet names or football teams. If you can, use a password manager and forget about the problem. It generates impossible-to-guess passwords and remembers them for you.
Amazon has taken action
More than 320 million accounts already use passkeys. And that’s good news, because these passwordless logins are much more secure. But if your account still has an old or weak password, you’re still just as exposed.
Google has also warned: it doesn’t matter if you have passkeys if you’re still using a password that’s in a leaked database. You have to clean up and reinforce, not just stick on a band-aid.
How to choose a good password
- Use at least 12 characters combining letters, numbers, and symbols.
- Do not use your name, important dates, or common words. The more random it looks, the better.
- If it’s hard for you to remember them, use a password manager. That way you can have a different and secure one for each site without going crazy.
Experts warn that this is something to do now. Change your password today, activate 2FA, and stop reusing the same password on different platforms. It might be a hassle at first, but it could save you a scare (or a big charge on your card).
Strengthen your security or lose your account (and your money)
No one’s safe if they go around the internet with a weak or overused password. Check if yours has been leaked, change it for one that’s worth it, and activate everything that helps lock down your account!