Amazon Phishing Attacks Against Sellers at All-time High

In a recent FTC report Amazon earned the dubious honor of being the most impersonated brand by bad actors in 2021. One in three reported phishing attacks were from Amazon impersonators. One in three!!! 

While these numbers include buyers as well as sellers, we’ve seen an uptick of sellers losing disbursements to bad actors who changed the sellers’ bank accounts in their seller central accounts.  

In a recent case, a seller (“Jim”) lost around $15,000 dollars. I’ve written about this before, but I thought I’d share my advice again because scammer activity is at an all-time high and sellers are vulnerable to losing so much. When Jim discovered the theft, he reached out to Amazon, which had him change his password and re-enter his bank account. He was hoping Amazon could reverse the payment.  

Jim discovered a fake user on his Amazon seller account with a plausible email:  first(dot)last@mail(dot)com. This is common with a phishing scam.  

For Jim this password reset could be the end of the theft, but if he doesn’t get to the bottom of how it happened, it could happen again. I’ve seen it, and it’s heart breaking. Here’s what I told him: 

Jim, 

I have bad news for you. Your money is gone. The thief moved it. Even if Amazon would recall it for you, it’s not there.  

Here is what you need to do: 

Report to law enforcement. If your local police have a cybercrime division, they will probably handle it. Otherwise… 

Report to the FBI. This is a federal crime.  

Submit the crime report to your insurance company and see what your policy covers. 

Give law enforcement Amazon’s law enforcement contact information. (Find it with a Google search or Seller Central help search).  

Some of my clients have eventually gotten their money back. It depends on how organized your thief is.  If your insurance pays out, it will collect whatever is recovered, of course.  

More bad news – it could happen again. I’ve had clients who lost multiple disbursements.  Amazon may freeze your account to protect it, especially if it happens more than once. You need to be extra diligent. 

Everyone will ask you how this happened. You need to put on your investigator hat now.  

Start with the assumption that your computer and phone (and tablet – whatever you use to access Amazon) are compromised for you and every admin in your account.  You can buy all new technology and start over, making sure to add some serious protection and encryption. Your insurance may pay for this. 

You can also take your devices to a forensic technology expert. These are the guys who testify in court. They will create 2 copies of all your drives and look for how the thief got in. This not only provides useful information for law enforcement but can be used at trial if the bad actor is caught. Depending on what the forensic experts find, they may be able to clean your devices.  

Here are the most common ways sellers lose their disbursements: 

It’s someone you know. Sorry. You don’t want to believe someone you know / trust would steal from you, but statistically embezzlement is the most common form of corporate theft. If you’ve ever left your account open on your computer, someone can make the changes without you knowing. He or she can grab your authentication code and use an app so you’d never know your account was being accessed. Family and coworkers already know your email and can either guess your password or know it because it is written down somewhere.  

A phishing attack. You or another admin user on your Amazon account clicked a link that gave the bad actor access to your account – and possibly remote control. If you’ve ever left your Amazon account open and unattended on your computer, someone could have easily grabbed your authentication code. He or she doesn’t need your cell phone to get into your account now–just your email and password which was probably picked up in a keystroke capture.  

An outside hack. This is rare because it is much easier to phish. A forensic expert will be able to tell in most cases.  

It’s an Amazon insider. This is rare, but I’ve seen it. In Jim’s case I think not because someone added a user to his account. An insider doesn’t need to do that.  

If you find a suspicious email, report it to Amazon along with a brief synopsis of your case. This will help them and law enforcement to trace the bad actors.  

If Amazon suspends your account, it is going to want to know what you’ve done to secure your account. You are the victim, but it’s your responsibility to fix the problem: 

  • Always use 2-step verification to login. Do not click the button that makes it easier to login.  
  • Use randomized passwords from an app (Roboform and LastPass are good ones) that are at least 12 characters long with letters, numbers and special characters. Set a reminder and change your password quarterly if not monthly.  
  • Use a VPN anytime you are not behind a secure firewall.  This includes your phone, tablets, laptop, etc. Do this every time you leave your office or home.  
  • Make sure your firewall is secure. You may need an expert to examine your network set up.  
  • Never click on a link in an email even if you are pretty sure it is from Amazon. If it truly is from Amazon, it will show up inside Seller Central in your case log or performance notifications, and you can click the link from there.  
  • Invest in some serious security and identity protection software for your network and mobile devices. 
  • Always log out when you are not actively working in your account.  
  • Make your employees and other authorized users on your account do the same. 

Other Amazon Phishing Insights

If you are looking for a VPN (virtual private network) make sure it has the option to always be on and to block internet access if disconnected. This provides a high level of encryption to your internet access and emails and helps protect against identity theft and targeted phishing attacks. 

I had a case where Amazon proved the bad actor was close to my client. He or she could see from the IP address that the person was on the same network. My client refused to believe the bad actor was someone he knew and so he was not reinstated. I don’t know if my client was right -sophisticated scammers can spoof IP addresses – but to get reinstated you need to act as if Amazon is right or prove definitively that it is wrong.  

In Jim’s case he was allowed to reset his password and keep selling.  This tells me that Amazon does not think it is embezzlement.  

In the insider cases I saw, there was a rash of them at the same time. My clients were told that THEY had made the changes themselves. In addition, Amazon did not follow its own policies and freeze the accounts, so my clients were robbed repeatedly. Even when they tried to pause their accounts themselves, they were reactivated. Only an insider can override protocol – a point I made vociferously in our appeals. It wasn’t until we were able to show multiple cases that Amazon was proactive. Amazon, by the way, reported months later that it had been hacked. Assuming that is true, their hacker was very well informed and able to access their systems for a long period of time. 

In this blog I’ve focused on the problems phishing can cause your Amazon seller account, which is bad, but phishers are really sophisticated. Some operate on multiple levels. They may get you to click on a link for something else entirely and plant their information gathering program. Then when they find out you are a seller, they attack you on that level. If you weren’t a seller, they might try something else.  

I’ve recommended Jim and the other users on his account search their emails for possible phishing attempts, but it’s possible the email won’t mention Amazon at all. The DHL scam could be a front.  It could be the text from your bank that your card is suspended. (Just got that while writing this blog.) It could be the spam saying you won something. As a good rule of thumb, do not click on a link or call anyone you don’t know. Brands will have websites and public phone numbers if you want to check them out. 

I called Chase Bank directly from my app, for example, to confirm the text phish. If I had called from the text, it’s possible my phone would have been infected. All those steps I recommend to Jim? Those should be standard operating procedures for every seller.  

At our company we have corporate VPN and password programs for every employee…and much more. When it comes to your livelihood, you cannot be too careful.  

In addition to the steps I recommend above, the FTC wants to know, too. To learn more about how to spot, avoid, and report scams—and how to recover money if you’ve paid a scammer—visit ftc.gov/scams. If you spot a scam, report it to the FTC at ReportFraud.ftc.gov. 

Read more blogposts about Amazon Bad Actors

Sign up for our newsletter

Get valuable, impactful and expert Amazon news and tips directly in your inbox with our newsletter.

Sign up for our newsletter

Get valuable, impactful and expert Amazon news and tips directly in your inbox with our newsletter.