Amazon recall text scam: the fake refund that steals your password
A text or email claims a routine quality inspection found that an item from your recent Amazon order was recalled, and it offers a full refund with no need to return the item, if you click a link. The FTC warns that the real goal is your Amazon password and a takeover of your account.
Bottom Line First
If you get a surprise text or email saying an item from your Amazon order was recalled and you can get a refund without returning it, do not click the link. The Federal Trade Commission flagged this exact scam in a July 2025 consumer alert. The link goes to a copycat Amazon login page, and once you sign in, the scammer has your username and password and takes over your account to go on a shopping spree. Amazon does not announce real recalls by random text with a login link. It posts them inside your account on the "Your Recalls and Product Safety Alerts" page and through the app. If you already entered your password into one of these pages, change it now and turn on two-step verification. The same do-not-click rule applies to the fake Amazon order confirmation scam and to fake USPS delivery texts.
Why these recall texts are spreading now
On July 2025 the Federal Trade Commission published a consumer alert about scammy texts offering refunds on Amazon purchases. The agency was direct about it: the messages are bait, and the primary goal is stealing the password to your Amazon account so the scammer can take it over.
The lure works because it sounds like good news for once. Most scam texts threaten you. A frozen account, an unpaid toll, a package stuck at customs. This one offers you free money. An item you bought failed a "routine quality inspection," it has been recalled, and Amazon wants to refund you in full. Better still, you do not even have to ship the item back. For a lot of people, that combination of plausible and pleasant is enough to lower their guard and tap the link.
Through late 2025 and into 2026 the campaign kept growing, with follow-up coverage from Fox News, Trend Micro, CyberGuy and NBC describing the same playbook. Some versions of the text point at a copycat Amazon sign-in page. Others drop you into a fake refund portal or an endless survey loop that quietly harvests your IP address, device details, browser identifiers and behavioral data while it pretends to process your refund. The wrapping changes. The goal does not.
What the fake recall text looks like
The message arrives out of nowhere, usually from a random phone number that has nothing to do with any verified Amazon channel. The greeting is generic, with no name, because the sender does not know yours. The wording reads close to this: "Amazon: A routine quality inspection found that an item from your recent order does not meet Amazon's standards and has been recalled. You qualify for a full refund, no return required. Confirm here: [link]."
It is deliberately vague about the product. It says "an item from your recent order" rather than naming anything, because the scammer has no idea what you bought. Some versions paste in a realistic-looking order number to add weight, but that number is invented. The link is often shortened so you cannot see where it actually goes. Expand it and the real destination has nothing to do with amazon.com. It is a lookalike like amazon-recall-refund.com or amzn-safety-alert.net (illustrative examples, not the real Amazon domain), and sometimes a longer string like amazon-product-recall-center.com built to look official at a glance.
Tap it and you land on a page that copies Amazon's look, then asks you to "sign in to claim your refund." The login box is the trap. Whatever you type goes to the attacker. The real Amazon domain is amazon.com, and a real recall is never claimed by signing into a page some text message sent you.
Test that recall link before you tap it
Got a text or email about an Amazon recall or refund and not sure about the link? Paste it below before you click. Our 3-layer engine (Local + APIs + AI) returns a verdict in about 3 seconds. Free, no signup.
The one tell that gives it away
Here is the single fact that defeats this whole campaign:
Amazon notifies you about real recalls through official channels only, never by a random text with a login link.
Amazon does send real product safety alerts. It does them by email, by app push notification, and on a dedicated page inside your account called "Your Recalls and Product Safety Alerts." That page lists any recalled item you actually bought, with the real product details and the real refund or replacement steps. You reach it by signing in to Amazon yourself, the way you always do, not by following a link a text message handed you.
So when a refund offer arrives by surprise text from an unknown number, names no specific product, and pushes you to sign in through its own link, every part of that contradicts how Amazon really handles recalls. That mismatch is the tell. The safe move is always the same: ignore the link, open the Amazon app or type amazon.com yourself, and check the Recalls page from inside your account. If a recall is real, it will be there. If it is not there, the text was bait.
Red flags in a fake Amazon recall text
- It arrived by surprise text from a random number. Amazon does not announce recalls from a phone number that is not tied to any verified channel on your account.
- Generic greeting, no name. A real Amazon message about your order knows who you are. "Dear customer" or no greeting at all is a tell.
- The product is vague. "An item from your recent order" with no specific product is a giveaway. A fake order number may be added to look real, but it is invented.
- A refund with no return required. The too-good-to-be-true hook. Real refunds follow Amazon's normal returns flow, not a no-return windfall pushed by text.
- A shortened or hidden link. If the link is shortened so you cannot see the destination, expand it. A real Amazon link lives on amazon.com, not on a lookalike like amazon-recall-refund followed by a different domain.
- Urgency and pressure. "Claim within 24 hours" or "respond now to keep your refund" exists to stop you from pausing to check.
- It asks you to sign in through the link. A recall refund that requires you to log in on a page the text sent you is the credential-harvest step. Sign in only by opening Amazon yourself.
- An endless survey or refund portal. Some versions skip the login and loop you through "verification" questions while quietly collecting device and browser data.
If you already entered your password
Move fast. Once your Amazon password is captured, the attacker can sign in, change your details, and order on your saved payment methods. Do not wait to see what happens.
- Change your Amazon password immediately. Go directly to amazon.com or the Amazon app by typing the address yourself, not through any link in the text. Pick a new password you have never used anywhere else.
- Turn on two-step verification. Amazon calls it Two-Step Verification in your Login and Security settings. It blocks an attacker who has your password but not your second factor. Use an authenticator app where you can.
- Check for changed account and payment details. Open Login and Security plus your addresses and payment methods. Remove any email, phone number, shipping address or card you did not add. Attackers often slip in their own so they can redirect orders or lock you out.
- Review recent orders. Look for anything you did not buy. If you see a fraudulent order, cancel it if you can and report it to Amazon customer service right away.
- Sign out of all devices. Amazon lets you see and end active sessions in your security settings. Do this to kill any session the attacker opened.
- Reset passwords on accounts that share that password. If you reused the Amazon password anywhere else, change it on those accounts too, each one unique.
- Watch your payment statements. Check the card and bank statements linked to your Amazon account for charges you do not recognize, and dispute any you find.
How to report it
- Report the spam text to 7726. Forward the message to 7726 (which spells SPAM). This flags it to your mobile carrier so it can act on the sending number.
- Report the scam to the FTC at reportfraud.ftc.gov. This feeds the same consumer-protection data behind the July 2025 alert.
- Report it to Amazon. Amazon takes reports of fake messages that impersonate the brand so its team can pursue takedowns of the copycat pages.
- In the US, report to the FBI Internet Crime Complaint Center at ic3.gov if you lost money or had your account taken over.
How SafeBrowz blocks this threat
SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.
- Layer 1 - Local detection: 60+ URL pattern signatures plus a 550+ brand database (Amazon included) plus homograph and Punycode checks, all running inside the extension before the page renders. It catches lookalike-domain refund pages and brand-impersonation cases where a non-Amazon domain renders an Amazon-styled sign-in form.
- Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus and ScamAdviser feeds plus 30+ scam TLD lists to flag domains already known to be malicious, which covers many recall-refund campaign domains.
- Layer 3 - AI deep scan (Premium): 100+ language content analysis catches brand-new lookalike pages in seconds, including a fake Amazon login screen that copies the real styling but sits on the wrong domain.
Detection signatures are derived from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.
Where browser-layer defense fits
Text and email filters cannot stop everything. Many recall texts come from fresh numbers that pass basic checks, and the fake login page is what actually does the damage. Browser-layer scanning catches that next step. When an Amazon-styled sign-in page renders on a domain that is not amazon.com, a brand-aware scanner flags the impersonation before the form loads. SafeBrowz is a free extension for Chrome, Firefox and Edge (Safari coming soon) that checks every URL before it renders against a 550+ brand database. Install SafeBrowz and pair it with the one rule that beats this campaign: check recalls only from inside your own Amazon account, never from a link a text sent you. If you want to get sharper at spotting fakes yourself, see our guide on how to tell if a website is a scam.
Install SafeBrowz free
Add the browser extension that runs every check in this article automatically, on every page, before it renders. Free forever, with optional Premium AI deep scan at $14.99 per year.
Add to Chrome
Add to Firefox
Add to EdgeFrequently asked questions
Does Amazon ever text me about a product recall and refund?
Not by a random text with a login link. Amazon posts real recalls inside your account on the "Your Recalls and Product Safety Alerts" page and notifies you by email and app push notification. It does not announce a recall from an unknown number and push you to sign in through that link. To check, open the Amazon app or type amazon.com yourself and look at the Recalls page. If the recall is real, it appears there.
I clicked the link and entered my Amazon password. What do I do first?
Change your Amazon password immediately by going directly to amazon.com or the app, not through any link in the text. Then turn on Two-Step Verification, check your account for changed email, phone, address or payment details and remove anything you did not add, review recent orders for fraud, and sign out of all devices. Reset that password anywhere else you reused it, and watch your linked card and bank statements.
How do I tell a fake Amazon link from a real one?
Look at the domain. Real Amazon pages live on amazon.com. A link to a lookalike like amazon-recall-refund followed by a different domain, or amzn-safety-alert, is fake. If the link is shortened, expand it before tapping. And remember that even a perfect-looking login page is fake if the address bar does not read amazon.com.
Why would a scammer offer me a refund instead of threatening me?
Because good news lowers your guard. Most scam texts use fear. This one uses a pleasant surprise, a full refund with no return needed, so you tap before you think. The FTC says the real goal is your Amazon password. With it the scammer takes over your account, orders on your saved payment methods, and harvests your saved details.
I did not enter a password but I filled out the "refund survey." Am I at risk?
Possibly. Fake refund portals and survey loops can quietly collect your IP address, device details, browser identifiers and behavioral data even without a password. Stop, close the page, and do not enter any personal or payment information. If you gave any account details, treat it like the password case above and secure those accounts.
How do I report an Amazon recall text scam?
Forward the text to 7726 (SPAM) so your carrier can act on the number, report the scam to the FTC at reportfraud.ftc.gov, and report the fake message to Amazon so it can pursue takedowns. In the US, file a report with the FBI at ic3.gov if you lost money or had your account taken over.
Related SafeBrowz coverage
- Fake Amazon order confirmation scam: how the bogus charge text works
- How to verify an email is real in 2026
- How to tell if a website is a scam
- Phone text scams: how smishing works and how to stop it
- Fake USPS delivery text scam: spotting the phishing link
- FedEx delivery scam text: the fake tracking trap
- DHL package tracking text scam: how the fake notice works
- PayPal account verification scam email: the lookalike login trap
- Zelle fraud alert text scam: the fake bank warning
- Unpaid toll text scam: fake E-ZPass and FasTrak demands
Bottom line: A surprise refund is a classic lure. If a text or email says an item from your Amazon order was recalled and offers your money back with no return, do not click. Check recalls only from inside your own Amazon account on the Recalls page, never type your password into a page a text sent you, and put SafeBrowz on your browser so the fake login page never loads in the first place.