With the hustle and bustle of the Black Friday, Cyber Monday and Christmas sales are we seeing an increase in Amazon seller scams?
We’ve heard from several sellers (all of whom received questionable calls and emails), and decided to investigate.
And while you might think of phishing scams as money-transfer requests to foreign countries, these new scammers appear to be targeting new Amazon sellers.
But that could never happen to you, right?!
Well, the fact is: scammers are getting sneakier. They clearly know the Amazon space they’re attempting to infiltrate, and use convincing language in their emails and information requests to make sellers think the scammers are people they aren’t.
There is nothing worse than a threat to your Amazon seller account, so make it your number one priority to protect yourself! Here’s what you need to know:
1. ALWAYS take a close look at the email sender and/or URL
Email cons and phishing scams go hand-in-hand, so it’s important you know how to spot a fake. An email from Amazon is genuine when the address ends in @amazon.com or @amazon.co.uk.
No other variation of @amazon.com or @amazon.co.uk is acceptable.
Check the email’s header information too. If the “received from”, “reply to”, or “return path” for the email does not come from “@amazon.com” or “@amazon.co.uk” , it is NOT from Amazon.
Here are a few example emails, used by phishing con artists:
Reportedly, the link https://sellercentral-secure-amazon.com has been used recently to ask sellers to sign in. At first glance, it appears legit because we see “seller central” and “amazon” in the link.
But a quick copy/paste into an incognito browser shows me this:
This isn’t a huge surprise because the domain should be a dead giveaway.
Genuine Amazon websites always end with “.amazon.com” or “sellercentral.amazon.com.” They will never use a combination such as “security-amazon.com” or “amazon.com.biz.”
Another seller reports a texting phishing scam that asks sellers to login at https://www.sellers-amazon.com.
Following the guidelines above, the “-amazon.com” is an immediate red flag. If you get one of these emails, and you’re in doubt as to whether or not it’s real, go directly to Amazon or the Seller Central website.
Some phishing emails include a link (such as the one above) that looks as though it will take you to your Amazon account. In reality, it’s a shortened link that will take you to a completely different website.
If you hover over the link with your mouse (don’t click it!), you can usually see the underlying website address and determine if it’s fake.
And if you see any glaring spelling or grammatical mistakes in the email, that’s another red flag!
2. Turn on 2-Step Verification
Most sellers are only able to sign-in to their Seller Central account using a two-step authentication process, which requires a 6-digit code to be sent to you via another computer.
Usually, the code is sent from a two-factor app (like Authy or Google Authenticator) to your phone. Therefore, if an alleged Amazon rep calls or emails you and asks you to login with a code they provide, that’s a red flag!
DON’T do it.
If you have not yet enabled a 2-step verification sign-in, do so now. It’s an important step in protecting yourself.
3. Don’t share your bank details.
This should go without saying, but your banking details are for your eyes only.
Amazon emails will never request that you share or confirm your bank information, password, or identifying info (such as your mother’s maiden name, favorite pet, city of birth, etc.).
For security reasons, Amazon only accepts sensitive banking documents uploaded via the verification section of Seller Central.
Never send these documents via email if they are ever requested.
*See spelling and/or grammatical mistakes in an Amazon email? Red flag!
*If you suspect any suspicious interactions with an Amazon rep, immediately change your Seller Central password. When you click a suspicious link and begin logging in with your account info, the scammer will immediately have access to your account and any subsequent password changes.
*If you need to verify that a rep works for Amazon, you can (and should) ask them for their Amazon login name. This is a scrambled version of their name, which you can then call into Amazon, verifying the person is, in fact, an employee.
*Head to the help section of Seller Central. Type in your issue, and then you can select a request to have a rep call you back.
But don’t panic…
There are times, however, when Amazon really does need to get a hold of you, to address urgent matters. This could include notifications of patent infringement, account suspension, fraudulent activity, etc.
Obviously, these are worst case scenarios. But they can and do happen, which is why it’s important to verify the sender’s details before you do anything else.
When in doubt, do not click on a link in an email!
If a phishing email is making you think it’s real, always go directly to your seller account to review or make any changes.
You can also help Amazon combat the spam!
They’ve gone after email scammers and phishers before, filing lawsuits and setting up a phishing form where you can submit any suspicious activity you encounter. Or, forward a suspicious email or website to firstname.lastname@example.org
Amazon seller scams aren’t common, but you do need to be prepared for them.
Take all the steps necessary to protect yourself, your banking information, your seller account, and your products. And then, if you’re targeted, you’ll know what to do (and what not to do!).