Messages • Published May 27, 2026

Fake Amazon texts: what families should do before clicking

A delivery text can feel harmless because it arrives in the middle of ordinary life. Someone is waiting for vitamins, a charger, a birthday gift, or household supplies. The message says there is a delivery problem, a refund waiting, or an account lock. The easiest next move is to tap the link.

That is exactly why families need a no-link rule for surprise retail messages. The rule is not "never shop online." The rule is: when a text creates urgency, start a new path to the account instead of trusting the path inside the message.

A concrete scam scenario

A parent receives a text that says, "Amazon: Your account is locked because of unusual activity. Confirm your delivery address today to avoid cancellation." The link opens a page that looks familiar. It asks for an email address, password, card number, and a one-time code "to verify the account."

The page may not be Amazon at all. It may be a fake sign-in page built to collect the account password, payment details, or login code. If the person enters the code, the scammer may use it immediately to sign in somewhere else, reset a password, place orders, change delivery details, or call back pretending to be support.

The family does not have to solve the technical mystery in the moment. They only need a safer next step.

The family no-link rule

Use this household rule for delivery, refund, account-lock, and suspicious-purchase messages:

We do not fix account problems from a surprise text. We open the app, type the website ourselves, or use a saved trusted number.

This rule works because it separates the message from the account. If the warning is real, the issue should still appear when the person opens the official app or types the website address manually. If nothing appears there, the text was likely just pressure.

Family script to use verbatim

Use this script when a parent, spouse, grandparent, or relative sends you a suspicious delivery text:

"Do not tap the link or reply to the text. Send me a screenshot if you can. We will open the Amazon app or type the website ourselves and check the account from there."

If you are the person who received the message, say this out loud before doing anything:

"I do not fix account problems from a surprise text. I am going to leave this message, open the app myself, and ask for help if anything still looks wrong."

The goal is not to argue with the message. The goal is to leave the pressure path.

What to check before clicking

If someone already clicked

Stay calm and focus on containment. Clicking a link is common. The important question is what happened next.

If no information was entered, close the page and delete the message. If a password was entered, change that password from a trusted device. If the same password is used anywhere else, change it there too. If a card number was entered, call the card issuer using the number on the card and ask what protection steps are available. If a login code was shared, sign out of other sessions where possible and review account security settings.

Do not turn this into a lecture. The person who clicked needs a calm helper more than a courtroom. Shame slows reporting, and fast reporting can matter.

Make the rule easy to find

Put the no-link rule next to the trusted-number sheet, the call-back rule, and the family safe word. The best family safety rules are visible before the stressful message arrives.

In SafeHouse: The Family AI Scam Defense Workbook, pair this article with Page 42, "The Call-Back Rule," Page 47, "Trusted Number Sheet," and Page 84, "Passwords, Two-Factor Authentication, and Device Basics." You can also review the ebook section to see how the workbook turns these rules into printable family pages.

Turn suspicious texts into a shared family rule.

The workbook gives your family phone-side scripts, trusted-number pages, account-security basics, and practical worksheets so nobody has to improvise from a scary message.

Buy the ebook