You might receive emails from Amazon, such as Sold, Ship Now emails or Technical Notification emails. However, sometimes you might receive emails that are not really from Amazon, even if at first glance they may appear to be. Instead, such emails are falsified and attempt to convince you to reveal sensitive account information.

These false emails, also called "spoofed" emails or "phishing," look similar to legitimate emails from Amazon. Often these emails direct you to a false website that looks similar to an Amazon website, where you might be asked to give account information, such as your email address and password combination.

Unfortunately, these false websites can steal your sensitive information, which can then be used without your knowledge to commit fraud.

To protect yourself from responding to these emails, you can follow some simple rules:

Know what Amazon won't ask in email: Amazon will not ask you for the following information in an email communication: Your bank account information, credit card number, PIN number, or credit card security code (including "updates" to any of the above) Your mother's maiden name or other information to identify you, such as your birth city or your favorite pet's name Your Amazon or Seller Central account password Amazon will not ask you for the following information in an email communication:

Review the email for grammatical or typographical errors: Watch for poor grammar or typographical errors. Many phishing emails are translated from other languages or are sent without being proof-read.

Check the return address: Genuine emails from Amazon always will come from an address ending in "@amazon.com." Check the email's header information. If the "received from," "reply to," or "return path" for the email does not come from "@amazon.com," it is not from Amazon. Most email programs let you examine the source of the email. The method you use to check the header information varies depending upon the email program you use. The following are some examples of fraudulent return addresses: seller-performance@payments-amazon.com amazon-security@hotmail.com amazon-payments@msn.com Genuine emails from Amazon always will come from an address ending in "@amazon.com." Check the email's header information. If the "received from," "reply to," or "return path" for the email does not come from "@amazon.com," it is not from Amazon. Most email programs let you examine the source of the email. The method you use to check the header information varies depending upon the email program you use. The following are some examples of fraudulent return addresses:

Check the website address: Some phishers set up spoofed websites that contain the word "amazon" somewhere in the URL. Genuine Amazon websites always end with ".amazon.com", "amazonsellerservices.com" or "sellercentral.amazon.com." We will never use a combination such as "security-amazon.com" or "amazon.com.biz."

When in doubt, go directly to Amazon or the Seller Central website: Some phishing emails include a link that looks as though it will take you to your Amazon account, but it is really a shortened link to a completely different website. If you hover over the link with your mouse when viewing the message in your email client, you often can see the underlying false website address, either as a pop-up or as information in the browser status bar.

Note: The hover technique can be fooled. If you do click on a link, always look at the URL in your browser when the page opens.

The best way to ensure that you do not respond to a phishing email is to always go directly to your seller account to review or make any changes to the account. When in doubt, do not click on a link in an email.

Do not unsubscribe: Never follow instructions contained in a forged email that claim to provide a method for unsubscribing. Many spammers use these unsubscribe processes to create a list of valid, working email addresses.

Use the features in Seller Central to track your orders: The Sold, Ship Now email notification is a useful tool. However, you can find the most accurate and up-to-date information for your orders using the Manage Orders feature in your seller account.

If an offer sounds too good to be true, it probably is: Sometimes phisher emails will offer you deals, such as a discount or a free item, in return for completing a simple task, (for example, signing in to your seller account). We recommend that you never sign in to your seller account by clicking on a link embedded in email.

Help stop phishers and spoofers

You can make a difference. Amazon has filed several lawsuits against phishers and spoofers. These lawsuits began with sellers alerting Amazon to suspicious emails. As part of our ongoing commitment to stop spoofing, you can help us investigate spoofed emails. Send us the original spoofed email, with the complete header information, using our report phishing form.

To locate the header information, configure your email program to show All Headers. (This varies, depending on the email program you use.) The headers we need are well labeled and will look similar to this example:

X-Sender: someone@domain.com

X-Sender-IP: [10.1.2.3]

X-Date: Tue, 08 Apr 2003 21:02:08 +0000 (UTC)

X-Recipient: you@domain.com

X-OUID: 1