About Identifying Whether an E-mail is from Amazon

E-mails from Amazon will never ask you for personal information. If you receive a suspicious (sometimes called phishing) e-mail, here are some tips to determine if it's an e-mail from Amazon.

If you received an e-mail regarding an order you didn't place, the e-mail likely wasn't from Amazon. Please send the e-mail as an attachment to stop-spoofing@amazon.com. For more information, go to Report a Phishing or Spoofed E-mail.


Don't open any attachments or click any links from suspicious e-mails. If you've already opened an attachment or clicked a suspicious link, go to Protect Your System.

To help identify phishing e-mails and for tips on safe online shopping, see our short Help Video:

Suspicious e-mails often contain:

  • An order confirmation for an item you didn't purchase or an attachment to what looks like an order confirmation.

    Note: Go to Your OrdersYour Orders to see if there's an order that matches the details in the e-mail. If it doesn't match an order, the message isn't from Amazon. Amazon never puts attachments on order confirmation e-mails.

  • Requests for your Amazon.co.uk username and/or password, or other personal information. Personal information includes things like: your National Insurance number, your credit card number, PIN number, or credit card security code, or your mother's maiden name.

    Note: Amazon will never ask for personal information to be supplied by e-mail.

  • Requests to update payment information. through a link in the e-mail. Amazon e-mails would include instructions on how to verify account information through the Amazon.co.uk website.

    Note: Go to Your AccountYour Account and click Manage Payment Options in the Payments section. If you aren't prompted to update your payment method on that screen, the message isn't from Amazon.

  • Links to websites that look like Amazon.co.uk, but aren't Amazon.

    Note: Legitimate sites have a dot before "amazon.co.uk" such as http://"something".amazon.co.uk (usually "www"). Sites such as "payments-amazon.com" aren't Amazon sites. We'll also never send e-mails with links to an IP address (string of numbers), such as "http://123.456.789.123/amazon.co.uk/".

  • Attachments or prompts to install software on your computer.

  • Typos or grammatical errors.

  • Forged e-mail addresses to make it look like the e-mail is coming from Amazon.co.uk.

    Note: If the "from" line of the e-mail contains an Internet Service Provider (ISP) other than @amazon.co.uk, then it's a fraudulent e-mail.