That "Amazon Recall" Text Is Designed to Make You Panic-Click

That "Amazon Recall" Text Is Designed to Make You Panic-Click

A text arrives on your phone claiming Amazon has flagged a product you purchased for recall. The message looks official — a recognizable logo, urgent language, a link to what appears to be a legitimate returns page. According to reporting by the Albuquerque Journal, this is a smishing attack: SMS phishing designed to mimic trusted brand alerts and pressure recipients into handing over personal or financial information before they stop to think.

The pattern reported by victims follows a familiar script. The message creates urgency — a dangerous product, a narrow window to act — then asks the recipient to "verify" account details, confirm a shipping address for a replacement, or pay a small "processing fee." Each step is engineered to feel routine. By the time the recipient realizes something is wrong, their login credentials, payment details, or both may already be compromised.

The Albuquerque Journal notes that Amazon is far from the only brand being impersonated this way. Scammers rotate through any name a recipient is likely to trust — retailers, delivery services, pharmacies — because the goal is the brand recognition, not the brand itself. If an unexpected text asks you to tap a link or provide information, the safer path is to close the message and go directly to the company's official website or app.

Gobble's Take: The text is built to move faster than your skepticism — slowing down for ten seconds is the whole defense.

Source: Albuquerque Journal

A Video Call Showed the CFO's Face and Voice — Neither Was Real

Staff at UK engineering group Arup lost US$25 million in Hong Kong after staff were tricked into a deepfake video conference call in which multiple participants — including what appeared to be the CFO — were entirely AI-generated. The instructions were urgent: transfer funds for a confidential deal. According to analysis published by the Risk Management Association of India drawing on documented incident reports, the CFO and other participants on the call were entirely AI-generated — synthetic voices and faces assembled from publicly available video and audio samples. Arup transferred $25 million before anyone verified the request through a separate channel.

This case, according to the same source, reflects a documented shift that regulators and cybersecurity bodies across multiple countries were openly describing by late 2025: AI-generated deepfakes had moved from an emerging concern to an active fraud method. Deloitte reported a roughly 700% increase in deepfake incidents targeting the financial sector by 2024 to early 2025. The Entrust Cybersecurity Institute found that in 2024, a deepfake attack occurred somewhere in the world approximately every five minutes, and digital document forgeries rose 244% year-on-year. The FBI's 2024 Internet Crime Report, cited in mid-2025 analysis, recorded $2.6 billion in global losses from business email compromise and voice phishing, with deepfake attacks reportedly doubling annually since 2022.

The mechanism described in the source reporting starts with publicly available material — earnings calls, LinkedIn videos, YouTube interviews — which provide clean voice and facial samples. Attackers feed those samples into voice-cloning tools, many of which are now widely accessible, then synchronize the cloned audio with realistic facial movements to create a convincing video call. UK fraud-prevention body Cifas warned the Financial Times in early 2024 that banks needed to prepare for a wave of exactly these attacks. For families, the practical takeaway from these reports is straightforward: any unexpected request to move money — even one that appears to come from a known face on a screen — should be verified by calling that person back on a number you already have saved.

Gobble's Take: A face on a screen is no longer the same thing as proof of identity — and the gap between the two is widening.

Source: Risk Management Association of India

In Case You Missed It

Yesterday's top stories:

• A Fake Book Club Is Charging Authors Up to $420 for a "Spotlight" That Doesn't Exist
• Scammers Can Clone a Voice From a Few Seconds of Audio — and the Call Will Look Like It Comes From Someone You Trust