"Amazon" wanted me to verify. I did. They weren't Amazon.

I shop online constantly and rely on my Amazon account for orders and saved cards. When email said there was a problem and I had to verify or lose access, worry beat skepticism.

The message copied logos, fonts, and order-language well enough that I clicked without typing the URL. I entered login and payment details on a page that mirrored the real checkout skin.

Brand phishing harvests credentials and cards, then tests stolen data fast. Within hours my card lit up with charges I never made. Amazon had never sent the email.

I pictured cancelled Christmas gifts and frozen Prime access, so I moved quickly instead of opening the app I already had installed.

When unauthorised orders appeared, I logged in through the official app and support confirmed they had not sent any verification blast. That single denial matched the timeline of the fake site.

Disputes and password resets ate evenings; the violation of someone shopping as me lingered longer than the dollar loss.

I never click verify links in email now—I type the retailer URL or use bookmarks. I wish I had paused for one deep breath first.

• Never click login or verify links in email—open the official site yourself.
• Report phishing to the brand and the FTC.

For more help, see our Report a scam page and Spot and avoid scams guide.