Thread: What To Do If Your Account Has Been Hacked

Replies: 26 - Last Post: 15 May, 2017 8:31 AM by: Dogtamer
bunga bunga

Posts: 11,589
Registered: 06 Mar, 12 11:20 AM
Posted on: 06 Apr, 2017 5:52 AM
For some time now hackers have been targeting Amazon seller accounts. Some symptoms of a hacked account are:

1) Your account has numerous products listed which you do not sell.

2) Customers are inquiring about transactions which you do not recall conducting, or you receive emails from Amazon which do not seem to correlate with your actual sales.

3) Your bank transfer has not arrived, and/or your bank information has changed.

4) You cannot log into your account.

If any of the above circumstances obtain, your account may have been hacked. Here are the steps to take in such a situation:

Change Your Password

Assuming you can still log into your account, do so, preferably from a different computer or device than you normally use, and change your password (Seller Central, Settings / Login settings and then the “Edit” button next to “Password”). You want to log in from somewhere other than your normal location in case the hacker has installed a keylogger on your system that records your keystrokes.

If you cannot still log in, contact Amazon (as described below under Notify Amazon) and explain that to them.

Remove Any Added Users

The hacker may have added users to your account. Those users will still be able to log in even if you change your main password, so you must remove any such users. In the current (2017-04-06) version of Seller Central, you would do so by going to Settings / User Permissions and deleting any "Current Users" or "Pending Users" that you do not recognize. You may also want to "Revoke access" if there are any "Amazon MWS Developer Permissions" set up that you cannot explain.

Set Your Account to “On Vacation”

This is particularly important if hackers have added bogus products to your account, but I would take this step in all cases, if only to calm the situation down. In the current (2017-04-06) version of Seller Central, you put your account on vacation by going to Settings / Account Info, then selecting “Going on a vacation?” next to the words “Listings Status”, then on the next screen select “Inactive” and “Save”.

Of course, if a hacker continues to have access to your account he can take it off vacation again, so this may need to be monitored and repeated.

Notify Amazon

DO NOT EMAIL AND WAIT FOR A RESPONSE. Rather, call Amazon Customer Service at 1-888-280-4331 (if that number has changed, Google a new one) and ask to be transferred to Seller Support. Tell Seller Support that you believe your account was hacked. Ask them to take the following actions:

1) Place your account on vacation and take whatever other action they would normally take for a hacked account.

2) Cancel any sales of bogus products made by your account, and remove products you do not sell.

3) Tell you if your bank information has been changed, and check into the status of any bank transfers, to see if monies have been transferred to accounts other than your own.

4) Recover any transfers that went to a bank account other than your own.

5) Remove any additional users that may have been added to the account (in case the hackers are somehow re-adding them as you delete them).

Amazon is known for its sluggish responses to calls for help on these matters, so be persistent.

After that, send an email to seller-performance@amazon.com saying something like (edit and elaborate as appropriate):

On April 6, 2017 I determined that my Amazon seller account (email address of account) had been hacked. Items have been listed that I do not sell, sales have taken place for products that I do not offer for sale, and money has been transferred to a bank account that is not my own. I have notified Seller Support and taken action to secure my account. Please take appropriate action on your end to secure my account, and please note my account with these facts.

Try to Determine What Happened

Your account may have been hacked by an outsider. Some of the attack vectors for that sort of hacking are:

1) Malware-laced “phishing” emails that fooled you into installing malware on your system, including emails where you may have clicked on attachments.

2) A malicious website that installed malware on your system.

3) A fake “Amazon” website, possibly one you reached by clicking a link in an email, that accepted your login credentials and saved them for use by bad actors.

Think back and see if you can remember what action you might have taken that could have led to the installation of malware on your system.

It is important to understand that your problem may also be the result of an inside job. Consider who else may have physical access to your computer and account, or who may know your username and password. You may want to keep all other users off of your account while you sort things out. Don’t get unnecessarily paranoid, but one should consider all possibilities.

Take Steps to Remediate

If your account has been hacked it is possible, perhaps likely, that it is because malware has been installed on the computer you use to access it. You should take steps to eliminate any installed malware. Those steps range from draconian to relatively mild.

The most severe step you can take is to purchase a new computer and use it. Generally I don’t recommend that, but it will fix the problem.

The next most severe step is a complete reinstall of your operating system. Most people would prefer to avoid this, as it involves re-setting up the system in its entirety, including reinstalling any software you had been using, reconfiguring everything . . . it’s a pain. However, this is the only action short of purchasing a new computer which is virtually guaranteed to eliminate any malware. (One does read about super-sneaky malware that hides in disk controller firmware and such . . . those would not be eliminated, but they also do not seem to be common.)

Next on the list and less severe than the above would be to roll back the operating system to a previous point in time. On Windows, this is accomplished using System Restore. Assuming your system has been creating restore points, you can tell Windows to roll back to a previous date, which you would select to be one from well before you believe the hacking occurred. This has a decent chance of eliminating the problem. This step may also roll back some changes you made to the system that you still want, but those are probably easily reinstated.

The least severe step, and one which you can take in combination with the rollback step, would be to run a scan of your system to eliminate any known malware. For Windows, I recommend installing and running the free edition of Malwarebytes. Unfortunately, although this is a very effective step to take, there is no guarantee that taking this action will eliminate whatever caused the problem in the first place. That is true even if the malware-eliminating software finds and eliminates some rogue program or programs on your system. It may still have missed the one that caused the problem, and there is no real way to know. The chief advantage of this step is that it makes no substantive changes to your system. That advantage may outweigh the uncertainty issue.

In addition to those steps, you will want to delete from your Amazon inventory any bogus items that hackers may have added.

Be Careful Out There

In order to prevent this issue from recurring in the future, it’s a good idea to practice sound Internet/Amazon hygiene:

Regularly (every two days) check your bank account, credit card, and user permission settings in Seller Central to make sure they have not been changed without your knowledge. Checking these regularly should enable you to report any unexpected changes to Amazon before money is exported from your account to that of a hacker.

Consider dedicating a computer to your sales activities. An old computer with a browser is usually sufficient; there is no great need for speed. (I do not do this due to the inconvenience, but it would provide greater security.)

Don’t open email attachments from people unknown to you.

Don’t open email attachments that appear to be from people known to you if you weren’t expecting them and the accompanying text does not ring true.

Don’t visit sketchy websites, or if you must, do it from a different computer than the one you use for your selling activities.

Don’t install software you don’t need.

Always be skeptical. Emails that in any sense say they want you to log into an account, or whose instructions if followed would result in you doing so, should be regarded with extreme skepticism. If you were to receive, for example, an email purportedly from Amazon.com that asked you to log into your account to check or verify something, do so by going directly to the Amazon (or other website) web address, NOT by clicking a link in the email. That link may take you to a fake website that will steal your login information.

Do not share your login password with anyone who doesn’t really need to know it. If you have people who need to take limited actions on your account, rather than giving them your password use the Seller Central features to create a user account with limited permissions.

Scan your system regularly (monthly, let’s say) with Malwarebytes or some other anti-malware product.

For Windows, make sure System Restore is operating and restore points are being created (a discussion of which is beyond the scope of this writeup). You can’t use them if you don’t have them.

bunga bunga!
WWJBD

Posts: 5,782
Registered: 29 Aug, 14 6:07 PM
Posted on: 06 Apr, 2017 5:54 AM   in response to: bunga bunga
Great post

Should be pinned
gomedia

Posts: 440
Registered: 22 Jan, 14 6:37 PM
Posted on: 06 Apr, 2017 6:41 AM   in response to: bunga bunga
Great post, Bunga!
Puppers

Posts: 763
Registered: 18 Nov, 12 2:33 AM
Posted on: 06 Apr, 2017 7:16 AM   in response to: bunga bunga
Very helpful post. Definitely should be pinned. Thanks for taking the time to create it.
as_the_pages_turn

Posts: 773
Registered: 01 Mar, 12 3:28 PM
Posted on: 06 Apr, 2017 7:50 AM   in response to: bunga bunga
I would suggest adding 2-step verification when changing password so it is more difficult to change password again.
bunga bunga

Posts: 11,589
Registered: 06 Mar, 12 11:20 AM
Posted on: 06 Apr, 2017 8:01 AM   in response to: as_the_pages_turn
as_the_pages_turn wrote:

I would suggest adding 2-step verification when changing password so it is more difficult to change password again.

Yes, that's a good idea.

Seller Central -- Settings / Login Settings / Advanced Security Settings: Edit

bunga bunga!
The Efac

Posts: 1,488
Registered: 03 Jun, 13 3:36 AM
Posted on: 06 Apr, 2017 8:13 AM   in response to: bunga bunga
Thanks for the update and tips Bunga Bunga - Sorry to hear.
Some of the smartest people are getting Hacked.
Maybe we're in the wrong business?

Did you happen to do any cockroach test buys recently?
I am seeing calls/text and intl calls like never before - only after doing the recommended Test Buy.

Until there is a flow of news about arrests and convictions it is open season on the innocent and there is zero help for the unsuspecting victims.
bunga bunga

Posts: 11,589
Registered: 06 Mar, 12 11:20 AM
Posted on: 06 Apr, 2017 2:07 PM   in response to: The Efac
Thanks for the update and tips Bunga Bunga - Sorry to hear.
Some of the smartest people are getting Hacked.

To be clear -- we were not hacked.

bunga bunga!
Living in a Van...

Posts: 3,979
Registered: 02 Aug, 12 9:19 PM
Posted on: 06 Apr, 2017 2:26 PM   in response to: bunga bunga
bump - great post!
EAS

Posts: 4,951
Registered: 01 Mar, 12 7:14 AM
Posted on: 06 Apr, 2017 2:44 PM   in response to: bunga bunga
bunga bunga wrote:

Some of the smartest people are getting Hacked.


Nothing really smart about not reading the notice in Seller Central and using the Two-Factor Authentication feature that was started a while ago.

That would help to rule out a great deal of many "outside" hacking attempts.
bunga bunga

Posts: 11,589
Registered: 06 Mar, 12 11:20 AM
Posted on: 06 Apr, 2017 3:15 PM   in response to: EAS
bunga bunga wrote:
Some of the smartest people are getting Hacked.

Nothing really smart about not reading the notice in Seller Central and using the Two-Factor Authentication feature that was started a while ago.

I didn't write "Some of the smartest people are getting Hacked"; I mis-formatted the post in which I quoted that. Someone else wrote it.

For our part, we started using the Two-Factor Authentication as soon as it became available. It would have been ridiculous not to, considering that I have been pounding the table for it since forever, e.g.:

https://sellercentral.amazon.com/forums/message.jspa?messageID=3553955#3553955

bunga bunga!
Rushdie

Posts: 8,591
Registered: 15 Apr, 12 2:33 AM
Posted on: 09 Apr, 2017 1:32 PM   in response to: bunga bunga
Sunday afternoon bump.
Curious Reseller

Posts: 15
Registered: 24 Mar, 13 7:53 PM
Posted on: 09 Apr, 2017 4:01 PM   in response to: Rushdie
My account was hacked. While I haven't done all these steps listed I am still trying to get to the bottom of this. My disbursement went out to the hacker's bank. I realized 12hrs after my disbursement initiated. Since trying to get this cleared up my account has locked me out but since then opened back up. Is there a specific dept you recommend me contacting to get the disbursement stopped? It initiated 4/4/17 and I notified them on 4/5/17 or is there no longer any hope. It was a large sum of money over $50,000. Thankfully this was I had a loan repayment so the disbursement was for "less" than what it could have been. Is Amazon to be held liable for this? Is there someone REAL to get in touch with?

Thanks
Curious Reseller

Posts: 15
Registered: 24 Mar, 13 7:53 PM
Posted on: 09 Apr, 2017 4:03 PM   in response to: bunga bunga
Was meant for you, bunga:

My account was hacked. While I haven't done all these steps listed I am still trying to get to the bottom of this. My disbursement went out to the hacker's bank. I realized 12hrs after my disbursement initiated. Since trying to get this cleared up my account has locked me out but since then opened back up. Is there a specific dept you recommend me contacting to get the disbursement stopped? It initiated 4/4/17 and I notified them on 4/5/17 or is there no longer any hope. It was a large sum of money over $50,000. Thankfully this was I had a loan repayment so the disbursement was for "less" than what it could have been. Is Amazon to be held liable for this? Is there someone REAL to get in touch with?

Thanks
bunga bunga

Posts: 11,589
Registered: 06 Mar, 12 11:20 AM
Posted on: 09 Apr, 2017 4:16 PM   in response to: Curious Reseller
Please start a new thread with questions; do not add to this one unless you are adding advice on what to do if your account has been hacked.

I said in the post whom to contact.

bunga bunga!