Scam of the day – April 13, 2017 – Amazon marketplace hit by hackers

According to some estimates, Amazon may account for as much as 30% of the total online sales in the United States, however about half of these sales are not done directly by Amazon, but by third party merchants using the Amazon platform to sell their goods.  Recently there have been a number of cyberattacks against these merchants by hackers who have, in many instances, managed to hack into the Amazon accounts of these merchants and perform two different types of crimes.  In one, the hackers will change the bank account information of the merchant so that funds from sales are sent to accounts controlled by the hackers.  In another, hackers will take over the Amazon third party seller account of a seller who has been inactive for a considerable period of time and use the account to market non-existent goods, such as popular electronic goods including the Nintendo Switch, at very low prices to lure unsuspecting consumers into sending their money to the scammers who send nothing in return.

What appears to be a common thread in the hacking of the accounts of the third party vendors on Amazon is that their user names and passwords were stolen and used to gain access to the accounts.  Often this occurs when the third party vendors use the same usernames and passwords that they use for other accounts where there have been data breaches and the usernames and passwords have been sold on the Dark Web to other criminals.


Whether or not you are a third party vendor of Amazon or not, the lesson is the same, which is that you should use a unique username and password for each of your online accounts to help prevent this type of crime.  Creating a unique and easy to remember password is not hard to do.  A strong password should have capital letters, small letters and symbols.  You can take a short sentence, such as IDon’tLikePasswords and make that your base password.  Add a couple of symbols such as !! to the end of the password and you have a strong base password which you can then adapt by adding a few distinguishing letters at the end of the password for each account.  For example, your Amazon password could be IDon’tLikePasswords!!Ama.  This is easy to remember and a strong password.

In addition, whenever possible you should use dual factor authentication for further protection.