Amazon started as online book store and has grown to be the worlds largest online retailer.
Amazon faced ‘extensive’ six-month fraud
Bloomberg reports Amazon have faced an extensive six-month fraud which saw hackers stealing money from sellers’ accounts last year.
Some 100 accounts run by Amazon merchants were attacked by fraudsters between May and October 2018, said Bloomberg. Citing a UK legal document, hackers diverted sellers’ sales and loans into their own bank accounts. It quoted Amazon Capital Services UK, which provides loans to merchants for a year. It hasn’t been revealed how much online criminals managed to take.
How did it happen?
Amazon believes that the “serious” online hack saw merchants being tricked into handing over their accounts’ login details. The compromised accounts were changed by hackers on the Seller Central platform to their own at Barclays and payments supplier Prepay. This meant a direct access to sellers’ bank account details to steal their money.
‘Barclays and Prepay become innocently mixed up in the wrongdoing’
Amazon lawyers have asked for an approval to investigate bank accounts of hackers attached to Barclays and Prepay. They have noted that the two firms “have become innocently mixed up in the wrongdoing.”
Barclays declined to comment on the case but said that they aim to close accounts used by the hackers. Prepay declined to comment.
How are Amazon tackling online fraud?
Amazon say that they take phishing and spoofing attempts very seriously. They have designed a help centre so that merchants can report any concern about their accounts.
If sellers receive a correspondence that they think may not be from Amazon, they can report it to Amazon by sending the e-mail or webpage to email@example.com.
Report a phishing or spoofed e-mail or webpage:
- Open a new e-mail and attach the e-mail you suspect is fake. For suspicious webpages, copy & paste the link into the email body. If you can’t send the e-mail as an attachment, you can forward it.
- Send the e-mail to firstname.lastname@example.org
- Sending a suspicious e-mail as an attachment is the best way for Amazon to track it.
Amazon say that they can’t respond personally when sellers’ report a suspicious correspondence to email@example.com. However, sellers may receive an automatic confirmation. If merchants have security concerns about their account, they can contact Amazon using the Contact Us button.
To report a phishing phone call:
- Visit this page and fill out as much information as you can.
- The form will not provide a phone call option in the subject dropdown, but the form can still be used to report suspicious phone calls to Amazon
This news highlights how even the mighty Amazon can fall victim to online crime and the difficulty for Amazon to prevent the wrongdoing.
May not be related but I have had to stop using Amazon Pay on my website. Many large items bought and shipped to a different address than the billing one.. All tracked with DPD so we know they arrived. Charge-backs then opened on all of them. Each one costs me £14 and much form filling even if found in my favour. Even had second orders from the same account as a previous charge back that is open. Amazon refuse to discuss it and say that an approved payment is safe to ship. That’s true on PPal but very untrue on Amazon Pay.
Either Amazon are fully aware of this and not discussing it or they are negligent.