Holiday shopping season is in full swing, and not surprisingly, Amazon.com is a popular destination. But if you’re one of the millions of people to recently ordered an item from the e-commerce giant (or you’re still browsing around for present ideas), be aware of a sneaky new phishing scam. Both Amazon Prime members and regular customers have reported receiving fake (yet very official-looking) emails that appear to come from Amazon asking them to re-enter their credit card information.

The email’s subject line says, “Your Amazon.com order cannot be shipped.” The full message reads:

 

“Hello, There was a problem processing your order. You will not be able to access your account or place orders with us until we confirm your information. Click here to confirm your account. We ask that you not open new accounts as any order you place may be delayed.

For more details, read our Amazon Prime Terms & Conditions.”

 

Recipients who follow the email’s instructions and click on the link are taken to a convincing “Amazon” page. There, they are invited to input their names, address, and credit card info (including the expiration and CVV security code). Once they hit Save & Continue, they’re automatically guided to the real Amazon Website.

Be on high alert and don’t fall for this scheme. You should never click on embedded links in a suspicious email. In this case, check to see whether the items mentioned in the email are ones you’ve actually purchased (you can head to Amazon’s “Your Orders” section to jog your memory if need be), be suspicious of typos and spelling mistakes, and hover your cursor over any URLs provided and the sender’s email address to take a close look—phishing scams will notoriously use URLs (which is a Webpage address) similar to the real deal.