For some time now hackers have been targeting Amazon seller accounts. Some symptoms of a hacked account are:
Your account has numerous products listed which you do not sell.
Customers are inquiring about transactions which you do not recall conducting, or you receive emails from Amazon which do not seem to correlate with your actual sales.
Your bank transfer has not arrived, and/or your bank information has changed.
You cannot log into your account.
If any of the above circumstances obtain, your account may have been hacked. Here are the steps to take in such a situation:
Change Your Password
Assuming you can still log into your account, do so, preferably from a different computer or device than you normally use, and change your password (Seller Central, Settings / Login settings and then the “Edit” button next to “Password”). You want to log in from somewhere other than your normal location in case the hacker has installed a keylogger on your system that records your keystrokes.
If you cannot still log in, contact Amazon (as described below under Notify Amazon) and explain that to them.
Remove Any Added Users
The hacker may have added users to your account. Those users will still be able to log in even if you change your main password, so you must remove any such users. In the current (2017-04-06) version of Seller Central, you would do so by going to Settings / User Permissions and deleting any “Current Users” or “Pending Users” that you do not recognize. You may also want to “Revoke access” if there are any “Amazon MWS Developer Permissions” set up that you cannot explain.
Set Your Account to “On Vacation”
This is particularly important if hackers have added bogus products to your account, but I would take this step in all cases, if only to calm the situation down. In the current (2017-04-06) version of Seller Central, you put your account on vacation by going to Settings / Account Info, then selecting “Going on a vacation?” next to the words “Listings Status”, then on the next screen select “Inactive” and “Save”.
Of course, if a hacker continues to have access to your account he can take it off vacation again, so this may need to be monitored and repeated.
DO NOT EMAIL AND WAIT FOR A RESPONSE. Rather, call Amazon Customer Service at 1-888-280-4331 (if that number has changed, Google a new one) and ask to be transferred to Seller Support. Tell Seller Support that you believe your account was hacked. Ask them to take the following actions:
Place your account on vacation and take whatever other action they would normally take for a hacked account.
Cancel any sales of bogus products made by your account, and to remove products you do not sell.
Tell you if your bank information has been changed, and to check into the status of any bank transfers, to see if monies have been transferred to accounts other than your own.
Recover any transfers that went to a bank account other than your own.
Remove any additional users that may have been added to the account (in case the hackers are somehow re-adding them as you delete them).
Amazon is known for its sluggish responses to calls for help on these matters, so be persistent.
After that, send an email to firstname.lastname@example.org saying something like (edit and elaborate as appropriate):
On April 6, 2017 I determined that my Amazon seller account (email address of account) had been hacked. Items have been listed that I do not sell, sales have taken place for products that I do not offer for sale, and money has been transferred to a bank account that is not my own. I have notified Seller Support and taken action to secure my account. Please take appropriate action on your end to secure my account, and please note my account with these facts.
Try to Determine What Happened
Your account may have been hacked by an outsider. Some of the attack vectors for that sort of hacking are:
Malware-laced “phishing” emails that fooled you into installing malware on your system, including emails where you may have clicked on attachments.
A malicious website that installed malware on your system.
A fake “Amazon” website, possibly one you reached by clicking a link in an email, that accepted your login credentials and saved them for use by bad actors.
Think back and see if you can remember what action you might have taken that could have led to the installation of malware on your system.
It is important to understand that your problem may also be the result of an inside job. Consider who else may have physical access to your computer and account, or who may know your username and password. You may want to keep all other users off of your account while you sort things out. Don’t get unnecessarily paranoid, but one should consider all possibilities.
Take Steps to Remediate
If your account has been hacked it is possible, perhaps likely, that it is because malware has been installed on the computer you use to access it. You should take steps to eliminate any installed malware. Those steps range from draconian to relatively mild.
The most severe step you can take is to purchase a new computer and use it. Generally I don’t recommend that, but it will fix the problem.
The next most severe step is a complete reinstall of your operating system. Most people would prefer to avoid this, as it involves re-setting up the system in its entirety, including reinstalling any software you had been using, reconfiguring everything . . . it’s a pain. However, this is the only action short of purchasing a new computer which is virtually guaranteed to eliminate any malware. (One does read about super-sneaky malware that hides in disk controller firmware and such . . . those would not be eliminated, but they also do not seem to be common.)
Next on the list and less severe than the above would be to roll back the operating system to a previous point in time. On Windows, this is accomplished using System Restore. Assuming your system has been creating restore points, you can tell Windows to roll back to a previous date, which you would select to be one from well before you believe the hacking occurred. This has a decent chance of eliminating the problem. This step may also roll back some changes you made to the system that you still want, but those are probably easily reinstated.
The least severe step, and one which you can take in combination with the rollback step, would be to run a scan of your system to eliminate any known malware. For Windows, I recommend installing and running the free edition of Malwarebytes. Unfortunately, although this is a very effective step to take, there is no guarantee that taking this action will eliminate whatever caused the problem in the first place. That is true even if the malware-eliminating software finds and eliminates some rogue program or programs on your system. It may still have missed the one that caused the problem, and there is no real way to know. The chief advantage of this step is that it makes no substantive changes to your system. That advantage may outweigh the uncertainty issue.
In addition to those steps, you will want to delete from your Amazon inventory any bogus items that hackers may have added.
Be Careful Out There
In order to prevent this issue from recurring in the future, it’s a good idea to practice sound Internet/Amazon hygiene:
Regularly (every two days) check your bank account, credit card, and user permission settings in Seller Central to make sure they have not been changed without your knowledge. Checking these regularly should enable you to report any unexpected changes to Amazon before money is exported from your account to that of a hacker.
Consider dedicating a computer to your sales activities. An old computer with a browser is usually sufficient; there is no great need for speed. (I do not do this due to the inconvenience, but it would provide greater security.)
Don’t open email attachments from people unknown to you.
Don’t open email attachments that appear to be from people known to you if you weren’t expecting them and the accompanying text does not ring true.
Don’t visit sketchy websites, or if you must, do it from a different computer than the one you use for your selling activities.
Don’t install software you don’t need.
Always be skeptical. Emails that in any sense say they want you to log into an account, or whose instructions if followed would result in you doing so, should be regarded with extreme skepticism. If you were to receive, for example, an email purportedly from Amazon.com that asked you to log into your account to check or verify something, do so by going directly to the Amazon (or other website) web address, NOT by clicking a link in the email. That link may take you to a fake website that will steal your login information.
Do not share your login password with anyone who doesn’t really need to know it. If you have people who need to take limited actions on your account, rather than giving them your password use the Seller Central features to create a user account with limited permissions.
Scan your system regularly (monthly, let’s say) with Malwarebytes or some other anti-malware product.
For Windows, make sure System Restore is operating and restore points are being created (a discussion of which is beyond the scope of this writeup). You can’t use them if you don’t have them.