If you have ordered anything from Amazon for Christmas, watch out, you might get scammed.

It's a very real-looking email, that says there is something wrong, most likely with your shipping. It's got all the logos and looks legit. Whatever you do, don't sign in to your account from the email..

It looks like it comes from Amazon.com and has the subject line "Your Amazon.com order cannot be shipped." According to Inc.com it reads like this:

Hello,

There was a problem processing your order. You will not be able to access your account or place orders with us until we confirm your information. Click here to confirm your account.

If you click on it you will go to a very real looking amazon site, BEWARE, IT IS NOT!!

 

According to inc.com here are things to look for to know it's a scam

1. Check for the S.

Amazon and other sites dealing with financial information should start out "https" not "http". Floating your cursor over the link should show you which it is, or if your browser hides those prefixes, you can copy and paste. But avoid actually going to insecure pages.

2. Look closely at the URL.

The domain name should begin "amazon.com" or possibly something like "amazon.co.uk" if you're shopping on Amazon outside the U.S. Most retailers start with their domain name and then add on a department. For instance, the URL for Amazon's page for customer assistance begins: "https://www.amazon.com/gp/help/customer/". Watch out for anything like "amazoncustomerservice.com."

3. Examine the email address.

Likewise, the sender's email address should end "@amazon.com" (or something comparable for other retailers). It obviously shouldn't be anything like "amazoncustomerservice@gmail.com," but fake domains can be used to create fake addresses, so even if the domain looks like it might be legit, be cautious if it isn't the same domain you would use to visit the retail site. Incidentally, Amazon asks that you attach (or if not, forward) scam emails so their security team can shut them down.

4. Get there by your own means.

We all click through from emails to websites all the time, and most of the time it won't get you in trouble. But if you receive an email announcing a problem with your account and/or asking you for further information, it's much smarter not to click the link. Go to the site using your bookmarks or history, or via search.

5. Use two-step authentication whenever it's offered.

The smartest websites and services help preserve your security by offering two-factor authentication when signing in. You should take them up on the offer.

To set that up, a site will ask for your mobile phone number and then text you a number to enter whenever you try to sign in. (Many sites also allow you to use Google Authenticator and/or a one-time code, which can be very handy if you lose your phone, or it dies, or you're somewhere out of cell range.) You can set your home computer to be recognized so it won't put you through that process every time you sign in, but it will prevent hackers elsewhere from signing into your email, retail, bank, or other online accounts and causing havoc.

That may not help you if you accidentally share your credit card numbers with someone who shouldn't have them, but it will help you a lot if a scammer gains access to your account passwords.