Preventing your Amazon Account from Getting Hacked
“Oftentimes, when an Amazon seller has their account suspended for hacked accounts, it comes down to simple errors made by the suspended Amazon seller. At the end of the day, the only thing we can say is to limit the amount of people who have access to the suspended Amazon seller’s account and ensure that they are well trained so they won’t inadvertently harm the business.” ~ Sean, Paralegal
In Spring 2017, the issue of hacked accounts was prevalent. This occurred through multiple means: the bank information from third-party sellers were changed and distributions were sent from country to country, making them harder to track. Hackers also found their way into the Amazon accounts of sellers who had not recently used them and posted nonexistent merchandise for sale at a discounted price and then pocketed the cash.
Once Amazon is notified of a hacked account, they typically freeze the seller’s account.
Hackers can create imaginary listings and added inventory to accounts that sellers did not maintain. They then place long shipping dates for products so they can collect money from customers before the customer realizes they are being scammed. When that happens, Amazon customers purchase the deeply discounted items, but never actually receive them. At this point, the Amazon seller gets suspended and is held responsible until the issue gets resolved.
“If an Amazon seller’s account is actually hacked, one thing we have done to successfully get the suspended account reinstated is to set up a two-step verification process. To avoid this issue altogether, it is in the seller’s best interest to preemptively set up this verification process before an issue arises.” ~ Kerry, Senior Managing Paralegal
The biggest problem for a suspended Amazon seller with a hacked account is that they cannot make the necessary changes to regain access to their account because Amazon has shut them down for safety purposes. In order to gain access, they must contact the Amazon legal department. Amazon will work with sellers who have been hacked to help restore their accounts; they are also working to implement stricter verification procedures to help prevent hackers from gaining access to seller accounts in the first place.
Hackers can obtain Amazon sellers’ information in a variety of ways. An Amazon seller may visit a website that contains malware and click on a link that steals information. Hackers get a sellers’ information by sending emails from unfamiliar accounts that contain hacking software in the links. Once the sellers click on those links and log in again, the hackers obtain the username and password.
An Amazon seller should only provide their account information on the official Amazon website; they should never enter their information on a secondary website. The two-step verification process on the Amazon website makes it harder for hackers to gain access to your personal information, so as to protect your account.
Amazon will immediately suspend an account they suspect is hacked.
If an Amazon seller discovers that they have been hacked, the seller should notify Amazon immediately. The Amazon seller should log in from a different computer to avoid key logging issues that record their key patterns. The seller should also change their password with the two-step verification process.
Next, the suspended seller needs to search their account for any new users that may have been added as a result of the hack and immediately remove them. They can change their setting to “on vacation” until they resolve the issue.
Lastly, the Amazon seller should cancel and correct all changes to their account; this includes sales and products.
When a seller becomes aware that they are being hacked, they must inform Amazon. To ensure that personal information is not stolen, they also need to notify all of their business partners and employees. The seller should also contact their bank to ensure their information has not been altered in any way. A hacked Amazon seller may want to change all their bank information just to make certain that their information is safe. They should also go through their personal Amazon account and reach out to their credit card company, insurance company and any other organization listed.
It is important for Amazon sellers to be proactive with their account security.
All sellers should implement the two-step security process as a precautionary measure. As for hacking, an Amazon seller should not trust strange e-mails asking for their login, nor trust strange websites asking for their personal information. Another good business practice for Amazon sellers to implement is to routinely check their bank accounts and their Amazon account information. Stay up to date on any changes that seem unusual and notify Amazon if anything out of the ordinary occurs. Sellers should not use the same passwords on multiple accounts. For example, if the password to their e-mail account is “Bananas123,” an Amazon seller should not use that same password for their Amazon account.
Amazon has also seen an increase in hijacked listings. People use other trademarks as their own search terms. When the seller types in the search term, they are not given the true, trademarked item, but rather another seller who hijacked the listing. These sellers can be reported to Amazon for trademark infringement and Amazon will likely remove the seller.
Preventing your Amazon Account from Getting Hacked
A great way to help prevent an Amazon seller from having hijacked listings is to register their products with Amazon Brand Registry. However, some Amazon sellers have turned to service providers to perform “weekly sweeps”; once each week, trademarked items are checked to ensure others are not infringing on their rights.
Sample Letter to Amazon
Dear Seller Performance,
I am a principal of (Your Store), and we are writing to address possible unauthorized third-party access to our account.
I received a performance notification stating that my seller account may have been hacked and accessed by an unauthorized party. I was notified that my selling privileges had been suspended to protect my account.
Amazon required we take the following steps toward the reinstatement of our account. As requested, we have verified the accuracy of following information:
- Email address preferences
- Business, shipping and returns, and tax information
- Active and pending promotion codes
- User permissions
- Amazon Storefront
- Listings and condition notes
Furthermore, we have completed the following in order to regain control of our Seller Central account:
- Reset our password with a new, unique password that we do not use for any other account or website.
- We also changed our password for every account that had a similar password (including banking, accounting, and e-mail accounts).
- We also removed any outdated or unnecessary accounts for our Seller Central User Permissions.
- We now also change our password every ninety days as added protection.
- Set up Two-Step Verification in our Advanced Security Settings.
- Sent a confirmation e-mail by clicking the Appeal button next to this message on the Performance Notifications page in Seller Central.