Phishing scams are on the rise, and a growing number of individuals and businesses are victims of these scams. As the scams evolve in complexity, it can become increasingly challenging to identify signs of phishing.
To safeguard your business, it is important that you stay up to date on the latest scams, and are armed with knowledge on how to keep your seller account safe. Below, we dive into:
● Phishing emails, and other types of phishing attacks
● How to identify signs of phishing
● The steps you can take to keep your seller account safe
● What to do if you believe your seller account has been compromised
Phishing is a cyber scam where fraudulent messages are sent to victims with the goal of tricking them into performing a task—such as revealing sensitive information, or clicking on a link or an attachment that installs a virus or malicious software on a victim’s device.
Scammers may target different types of sensitive information, such as bank account details, login credentials, credit card details, PINs, One-Time Passwords (OTPs) and other personal data.
Beyond emails, cyber scams can also take place through other mediums. Scammers may deliver fraudulent messages via text (‘smishing’), phone calls (‘vishing’) or social media channels.
Scammers have attempted to target Amazon sellers through phishing emails. A seller may be notified that his or her account is at risk of deactivation, and that steps should be taken to validate their personal information. The seller may also be informed of a problem with his or her payment account, and be asked to provide personal information to rectify the issue.
How to protect yourself from phishing scams
Pay attention to the sender email
Check the sender’s email address. Emails that are sent by Amazon will come from an address ending with “@amazon.com”, or one of the email addresses listed in the Seller Central help resource on identifying spoofed emails
. If the email you have received does not come from any of these sources, it is not a genuine email from Amazon.
Check the URL
Scammers may attempt to direct you to a fraudulent website with the aim of getting you to disclose sensitive information. Be sure to check the URL, keeping in mind that the URLs to official Amazon websites always end with one of the following:
Amazon will never use a combination of words or abbreviations, such as "security-amazon.com", “sellers-amazon.com” or "amazon.com.biz".
Keep an eye out for grammatical errors
Phishing scams are becoming increasingly sophisticated. These days, fraudulent emails and websites often closely resemble a legitimate email or website in terms of the branding, logo and content. The lack of grammatical errors does not mean that an email or website is genuine—but if you do spot these errors, it is a clear red flag that this could be a scam.
Be wary about messages that create a false sense of urgency
Scammers often create a sense of urgency to lead their victims into believing that the situation at hand requires immediate action—such that they do not pause to consider if the communication they receive is authentic.
Keeping calm is key. If you suspect that an email notification is a scam, log into your account to check your performance notifications in Seller Central. Avoid clicking on any links in the email, including links that look like they would direct access to Seller Central. Instead, type the relevant URL into your address bar.
If there is anything you are unsure about, reach out to the Amazon support team through Seller Central
Navigate to the Help page, scroll to the bottom and click Get Support. You will be asked to choose between two options: Selling on Amazon or Advertising & Stores.
After you have selected an option, you will be directed to a different page containing a search bar and a list of questions. Click on the dropdown option titled “Other account issues”, and select your preferred language. You will be presented with two options—email or phone—to communicate with the support team.
Know the types of information Amazon will and will not ask you for
Amazon will never ask you for sensitive personal information, such as:
● Your bank account details, credit card number, PIN number, or credit card security code (including "updates" to any of the above)
● Your Amazon or Seller Central account password
● Answers to security questions, such as your mother’s maiden name, nicknames, or any other information that could be used to identify you
Use a strong password, and change it regularly
Avoid using the same password for your online accounts, and change your password on a regular basis. Adopting the following best practices can help you create a secure password:
● Use a combination of letters, numbers and characters
● Do not use personal information
● Avoid using real words
● Use a longer password
Ensure that user permissions for your account are up to date
If there are multiple online users managing your business, have each of them create their own seller account, and link up their accounts to yours.
And keep your user permissions up to date—if a user no longer requires access to your account, revoke their access to your account immediately. Further information is available on the help resource on user permissions
The user permissions feature is only available to sellers with the Professional selling plan.
Check your notification preferences
Check your notification preferences
, and ensure that you have adjusted your settings to receive notifications about important actions being taken on your account.
Steps to take if your account has been compromised
1. Change your Seller Central login password. Contact Seller Support if you are unable to login to your account.
2. Review the following information in your account to determine if any changes have been made:
● Email address preferences
● Payment information
● User permissions
● Amazon storefront details
● Listing and condition notes
3. Your email account may also have been compromised. Consider changing your password for your email account, and switching to a different email account for your seller account.
4. Contact Seller Support to report a compromised account.
5. If you receive suspicious emails or links, report these to Amazon. We will outline the steps you need to take in the next section.
Reporting phishers and spoofers to Amazon
1. Address your email to firstname.lastname@example.org
2. Include the original phishing email as an attachment. Sending it as an attachment is the best way to preserve the email header, which contains information Amazon requires to trace the origin of the forgery.
3. If you are unable to send the phishing email as an attachment, you can forward it to email@example.com, along with all the information you are able to locate in the email header.
To locate the header information, configure your email program to show “All Headers”. This will vary, depending on the email program you use. The headers we require are well labelled, and will look similar to this example:
X-Date: Tue, 08 Apr 2003 21:02:08 +0000 (UTC)
Do note that Amazon is not able to respond to all emails reporting spoofed emails or phishing, although we do read them and take action as appropriate. If you have specific questions about your account, search Seller Central Help or contact us
Let us know if you found this article useful.