Amazon marketplace has advanced from a website where people list some random products on, to a platform where true retailers build their business. This meant that gaining access to a seller’s Amazon account is potentially very lucrative. Not only can a hacker use it to gain insight about the seller’s business, best products, ads performance, etc., but also cause big cashflow issues.
In February we noticed that Amazon got the scam sellers issue under control, but we were wrong. After a few quiet weeks they resumed and are now back in full force. In the chart there is a quiet period for most of February, but then it picks right back up in March.
Currently we are detecting the most scam sellers activity we’ve ever seen. Amazon has done some changes to limit new accounts, but they are not strict enough yet. And scammers have found new ways to go around them.
Recently we wrote that Fraudsters Are Using Hacked Amazon Seller Accounts to Scam Buyers, at the time we weren’t sure if it was a random occurrence or a trend, but now we have confirmed it to be the latter. The chart shows that in March use of hacked accounts for scamming went from a random occurrence to a real trend. This only accounts for accounts which were successfully used for scamming (managed to get a few sales before Amazon suspended them), there are likely many more sellers.
During the past few days we detect roughly 75 new scam sellers every day, out of which 20 or so are previously dormant, and now hijacked accounts. It’s unclear how this is achieved, but it is happening at scale, not as here-and-there events.
We were happy to share our findings with Laura Stevens for her article “Amazon’s Third-Party Sellers Hit By Hackers” in The Wall Street Journal. She wrote:
“Hacks of dormant Amazon seller accounts in particular have increased since mid-March, to more than 20 some days from the low single-digits earlier this year, according to Marketplace Pulse, which monitors seller activity on e-commerce sites.”
However it appears that hackers are not only targeting dormant seller accounts, in hopes to use them for scamming buyers, but also to steal from active sellers. While fraud sellers on Amazon are creating chaos and frustrating real sellers, this type of attack is a crime.
One of the sellers affected by this was Lightning X Products Inc., which we were able to get a hold of to learn more about what happened.
“On March 5th we got an email that Amazon had picked up on “suspicious activity” on our account and that we needed to change our password. We tried to change it numerous times and each time it wouldn’t work and wouldn’t let us log in. I found the phone number for seller support and called them about the login issue and the email.
I was transferred around to 13 different departments over a 3.5 hour period - including seller support, US-based seller support, regular Amazon customer service, and finally a department called “password escalation”. It was this last department that told us that our account was under a security review and that we would not have access to our account for 48 hours while they conducted their investigation.
I asked to speak to a supervisor and they hung up on me.”
The few stories we’ve heard, and there are hundreds by this point, are all the same - a hacker gains access to seller’s Amazon account, and changes bi-weekly disbursement bank details to their own. Surprisingly, affected sellers are claiming to have never received any notifications from Amazon about the change.
“So after the 48 hours was up, it allowed us to log back in. I immediately checked our listings to make sure that no one had listed a bunch of fake items, everything was fine. Then I went to our account settings and noticed that our bi-weekly disbursement was scheduled to transfer that same day and the account number was not our bank account.
I immediately deleted that bank account and got on the phone and opened several cases with seller support. After being transferred around several times again by support agents who said there was nothing they could do we were told that the department in charge of issues like this was Seller Performance.
As you probably know, seller performance has no incoming or outgoing phone numbers. Plus they typically take several days or even weeks to respond to incoming emails, at which point when they do respond it is usually a form reply and it happens at 3am. We stressed the importance of acting quickly because the bank transfer (of $60,000) was supposed to post that same day, so we needed to talk to someone who could stop it before we lost that money forever.
All they said was “sorry, there’s nothing else we can do, you must email seller performance”.”
It then took a month of waiting, and continued contact with Amazon to have this issue resolved.
“The hack affected our Amazon.com, Amazon.ca and Amazon Payments disbursements. All three of them were held for a month, which totaled nearly $70,000. It was definitely a cash flow issue which caused us to delay payments to a few of our vendors. Thankfully, we were healthy enough as a company to make it a month without that money.”
The cashflow aspect of this is troubling, because given the nature of a retail business there is always invoices to pay. Lightning X Products ended up having to wait a month to get their $70,000 income, which would have caused serious issues for smaller businesses.
“I’ve been in this business for nearly 20 years and I know for a fact that if this happened to us 5-10 years ago that it would have put us out of business. I can only imagine a smaller, newer company going through this kind of issue. If we would have never gotten the money back we definitely would have been forced to lay off a few employees. Thankfully, that wasn’t necessary.”
It’s unclear if these two types of attacks are related, but they are coming from the same place - obtaining seller emails and passwords. There has been millions of those leaked from attacks on LinkedIn, Flickr, MySpace, etc. It’s essential for sellers to take security very seriously, and enable Two-Factor Authentication. We also recommend not using the same email address for anything, but accessing Seller Central.
We think the attacks on Amazon seller’s accounts are only going to get more aggressive and sophisticated. Crime is moving online, and Amazon seller accounts are one of the targets. Stealing from retail stores or warehouses has limited size, hacking e-commerce websites is hard and challenging to benefit from, but getting into an Amazon seller account is both easier than other attacks, and likely has more upside.
Businesses which depend on Amazon as their major source of income need to take this very seriously.