I’m skeptical: I received an SMS text message from an unknown number saying that I’d come in 2nd for an Amazon raffle for a free pair of Apple AirPods. Nice, but… what? How can I tell if it’s legit or a scam, Dave?
Props to you for being skeptical and suspicious. It is indeed a scam. Let’s be candid, the Amazon Raffle doesn’t pass the “sniff test”: Why would Amazon be giving away expensive gear if it already sells a zillion dollars worth of product every day? And if it did, why wouldn’t the link in the message at least be to something like amazon.com/raffle or similar? Because… it’s bogus.
Before you proceed with any of these types of suspicious offers from email, Web pages, pop-up messages or SMS text messages, it’s always an excellent idea to do a bit of sleuthing to see if you can find whether it’s a scam or not. That’s what I’ll demonstrate in this article, so you can not just take my word for the questionable nature of the scam, but see how you too could identify that similar “offers” and “prizes” are bogus too.
THE AMAZON RAFFLE WINNER SCAM
Most of these sort of scams are trying to identify personal information about you, typically an account login. Imagine if a scammer got their hands on your Amazon account and password, the havoc they could wreak buying gift cards and emailing those to a temporary email address. Scammers generally don’t buy physical goods because Amazon is smart enough to re-verify identity the first time you ship something to a completely new address.
Here’s the SMS text message you likely got, or a variant thereof:
Seems fun and exciting, right? You won! Tap on that link and let’s get it!
Slow down, cowboy!
Let’s do a bit of sleuthing instead. First off, this text message came from (832) 471-0239. Where’s area code 832? Google says Houston, Texas. Hmm… Amazon’s based in Seattle, Washington, so that’s a bit suspicious right off the bat. But there’s lots more information to glean from this domain name b4grs.info.
RESEARCH A DOMAIN NAME BEFORE CLICKING ON THE LINK
At the most basic, why would Amazon not be using its own Amazon.com domain name? Okay, they have a URL shortener too, but it’s a.co [really, try it!] and that’s what they’d use, though certainly not for something where customers might be a wee bit skeptical in the first place. So raffle.amazon.com or amazon.com/raffle or even amazonraffle.com, but b4grs.info? Highly sus.
Fortunately, there’s a tool called whois.com and you can just enter a domain name and find out who owns it. I’ll do that with this b4grs.info domain:
Info withheld? Amazon wouldn’t need to do that. But what catches my eye is that the country of ownership for this domain is the two-letter ISO country code “IS”. What’s IS? Glad you asked! A quick ISO country code check on Wikipedia reveals:
Now we can be 100% sure that this is a scam. Why would Amazon text from a phone number in Houston, Texas to send us to a Web page on a domain based in Iceland?
CLICKING THE LINK? OKAY
But let’s say you aren’t as skeptical and don’t want to be Sherlock Holmes with this SMS text message. Instead, you tap on the link. Here’s what you’d see:
It’s pretty well done and at first glance looks legit with the Amazon logo on the top left, shopping cart graphic on the top right, and even the right color scheme to parallel Amazon. But if you read it closely it doesn’t really make any sense. If you’ve been chosen as one of 10 users to win this prize, why do you then have to answer quickly because “the number of prizes available is limited?”
Because if you are told to go quickly with the red time countdown and the threat of missing out on something free your brain kicks in and says “go! go! go!” and your normal skepticism is pushed aside. Smart, eh? But seriously, why would Amazon need to know any of this information?
Then again, perhaps you tap or click and get this error message instead:
Again, why wouldn’t Amazon – if this were legit – make sure that there was a generic landing page on the domain if you omitted the specific user-identifiable code in the URL? Scaaaaaaam!
Suffice to say, the old acronym of TANSTAAFL still applies and should be the foundation of your online safety, safety through skepticism. Don’t know what TANSTAAFL means? There ain’t no such thing as a free lunch.
Now be careful out there!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!