Spork_Blog_EcommerceWebsite

Amazon Seller Scam Alert: Beware Of Account Takeovers

If you’re selling parts or accessories on Amazon, you need to be aware of an account takeover scam that has cost thousands of sellers massive amounts of money. The risk is primarily for Amazon sellers rather than Amazon vendors, but even vendors have some risk.

By the way, an Amazon seller lists, prices, and promotes the product(s) themself while vendors sell products to Amazon wholesale, which the company then re-sells. Moving on…

Recently, we have become aware of an alarming number of takeovers, so we decided to issue a warning since it seems to be a very big problem right now.

How The Account Takeover Scam Works

Account takeovers are a form of a phishing attack, so the mechanism is probably familiar:

  1. Someone emails, calls, or texts you, pretending to be Amazon (or an Amazon employee), sending something like “You’ve been locked out of your account” or “There is an order that needs your attention” or “Your account is at risk,” etc.
  2. The email or text contains a link to a site that looks like it is Amazon.com, but is in fact a fraudulent site that will capture your login info (including your password).
  3. The scammers will then login to your Amazon account and attempt to drain your funds.

It’s a big deal when it happens. Unfortunately, several Amazon sellers have been driven into bankruptcy as a result.

Account takeovers are a form of a phishing attack, so the mechanism is probably familiar.

How To Avoid This Scam (And Others Like It)

Scammers often email people pretending to be someone else (like Amazon or Facebook or PayPal), include a link to a site in their email or text that looks right but is actually fake, and then capture your login and password. This is a standard scam called “phishing,” and it has some telltale marks:

  • The emails and websites are always a little off. The email or website doesn’t look right, the domain name isn’t correct, the language has spelling/grammar errors, and so on.
  • The emails (or texts) are dramatic. The subject lines and email content is alarming, more so than you’d expect from a big company…something like “YOUR ACCOUNT WILL BE SUSPENDED.” This is way more aggressive than normal communication from Amazon.
  • Big companies like Amazon almost never call anyone. If you think about the number of sellers on Amazon, it’s easy to understand why they would never call. So, if you get a call from someone claiming to work for Amazon, be extremely skeptical.
  • No company will ever call you asking for your password (ever). A phone call from someone asking for your password is always always ALWAYS a scammer.
  • No one asks you to install software either. Big companies don’t ask customers to install new software: If you get a call from someone asking you to go to a website, download something, and then click on “install,” hang up (it’s a scam).
  • Check the “From” email address. If you get an email from Amazon, be sure to look at the “From” address in the email header. If it’s a scam, it will usually come from @gmail.com or @iname.com or something like that.

NOTE: The FTC has some more phishing prevention tips here that might be good to share with your entire staff. Phishing is a risk for all aspects of your business (not just Amazon).

Amazon Seller And Vendor Account Security Best Practices

A few simple precautions can go a long way to protecting your account:

Setup Two-Factor. Setting up two-factor authentication is one of the easiest ways to avoid being scammed. This extra layer of security is annoying – who likes the whole “text me a code” process? – but it protects you even if someone manages to steal your password. Here’s a link from Amazon on setting that up.

Don’t share logins or passwords. Amazon, in particular, makes it easy to add new users to your account without giving them your login or password.

Use a good (and long) password. We talked about this one a bit in a blog post awhile back – most passwords aren’t very secure. If you come up with your own password algorithm (which is easier than it might sound), you will have a very secure password no one will be able to guess.

Last, but not least, be suspicious whenever you are asked to enter a password. If the website asking for your password doesn’t look right or if something feels off, stop what you’re doing and take a step back. Gut instincts are underrated.

More Content

Parts Ecommerce In 2023: What Will Change And What Will Stay The Same?

2023 auto parts ecommerce changes

It’s that time of year when everyone makes predictions about the next year. In this post, we’ll tell you what we expect to change, what…

Read More

RYZEO: A Product Recommendation Solution For Parts Ecommerce – Insider Interview Series

We’ve recently spoken with an ecommerce solution leader about how personalizaton could benefit online auto and accessories sellers. We interview Russell Miller, COO of Ryzeo,…

Read More

Shopify vs. BigCommerce vs. WooCommerce – Which Is Best For Parts And Accessories Ecommerce?

Shopify, BigCommerce, and WooCommerce all have their own claim to fame: Shopify is one of the fastest-growing ecommerce platforms in the world BigCommerce is one…

Read More
Auto parts in the cardbox. Automotive basket shop. Auto parts store.