Spork_Blog_EcommerceWebsite

Amazon Seller Scam Alert: Beware Of Account Takeovers

If you’re selling parts or accessories on Amazon, you need to be aware of an account takeover scam that has cost thousands of sellers massive amounts of money. The risk is primarily for Amazon sellers rather than Amazon vendors, but even vendors have some risk.

By the way, an Amazon seller lists, prices, and promotes the product(s) themself while vendors sell products to Amazon wholesale, which the company then re-sells. Moving on…

Recently, we have become aware of an alarming number of takeovers, so we decided to issue a warning since it seems to be a very big problem right now.

How The Account Takeover Scam Works

Account takeovers are a form of a phishing attack, so the mechanism is probably familiar:

  1. Someone emails, calls, or texts you, pretending to be Amazon (or an Amazon employee), sending something like “You’ve been locked out of your account” or “There is an order that needs your attention” or “Your account is at risk,” etc.
  2. The email or text contains a link to a site that looks like it is Amazon.com, but is in fact a fraudulent site that will capture your login info (including your password).
  3. The scammers will then login to your Amazon account and attempt to drain your funds.

It’s a big deal when it happens. Unfortunately, several Amazon sellers have been driven into bankruptcy as a result.

Account takeovers are a form of a phishing attack, so the mechanism is probably familiar.

How To Avoid This Scam (And Others Like It)

Scammers often email people pretending to be someone else (like Amazon or Facebook or PayPal), include a link to a site in their email or text that looks right but is actually fake, and then capture your login and password. This is a standard scam called “phishing,” and it has some telltale marks:

  • The emails and websites are always a little off. The email or website doesn’t look right, the domain name isn’t correct, the language has spelling/grammar errors, and so on.
  • The emails (or texts) are dramatic. The subject lines and email content is alarming, more so than you’d expect from a big company…something like “YOUR ACCOUNT WILL BE SUSPENDED.” This is way more aggressive than normal communication from Amazon.
  • Big companies like Amazon almost never call anyone. If you think about the number of sellers on Amazon, it’s easy to understand why they would never call. So, if you get a call from someone claiming to work for Amazon, be extremely skeptical.
  • No company will ever call you asking for your password (ever). A phone call from someone asking for your password is always always ALWAYS a scammer.
  • No one asks you to install software either. Big companies don’t ask customers to install new software: If you get a call from someone asking you to go to a website, download something, and then click on “install,” hang up (it’s a scam).
  • Check the “From” email address. If you get an email from Amazon, be sure to look at the “From” address in the email header. If it’s a scam, it will usually come from @gmail.com or @iname.com or something like that.

NOTE: The FTC has some more phishing prevention tips here that might be good to share with your entire staff. Phishing is a risk for all aspects of your business (not just Amazon).

Amazon Seller And Vendor Account Security Best Practices

A few simple precautions can go a long way to protecting your account:

Setup Two-Factor. Setting up two-factor authentication is one of the easiest ways to avoid being scammed. This extra layer of security is annoying – who likes the whole “text me a code” process? – but it protects you even if someone manages to steal your password. Here’s a link from Amazon on setting that up.

Don’t share logins or passwords. Amazon, in particular, makes it easy to add new users to your account without giving them your login or password.

Use a good (and long) password. We talked about this one a bit in a blog post awhile back – most passwords aren’t very secure. If you come up with your own password algorithm (which is easier than it might sound), you will have a very secure password no one will be able to guess.

Last, but not least, be suspicious whenever you are asked to enter a password. If the website asking for your password doesn’t look right or if something feels off, stop what you’re doing and take a step back. Gut instincts are underrated.

More Content

Domain Name And Hosting FAQs

If you are creating a new website or reconsidering your existing domain name and hosting arrangement, this post is for you. We cover the basics…

Read More

What’s A Good ROAS In Parts And Accessories Advertising?

Auto parts and accessories manufacturers and retailers that advertise need to understand return on ad spend (ROAS). In this three-minute video, Spork Marketing Founder Jason…

Read More

Use A Vehicle Giveaway To Market Your Store At A Fraction Of The Cost – Shared Sweeps

photo of Craig Martens of Shared Sweeps

Few things get consumers more excited than a life-changing giveaway. Part and accessory consumers especially get excited about a chance to win a race-prepped Porsche,…

Read More
Auto parts in the cardbox. Automotive basket shop. Auto parts store.