Skip to content

AmazonWatch: Hacking Fraud Revealed

May 13, 2019

Between May and October last year, around 100 Amazon sellers lost money due to a widespread hacking operation.

The news broke late last week when Bloomberg reported on a document filed with UK courts last November. The filing has only just been made public.

Inside the Amazon Hack

Amazon Sellers hacked in 2018: How, and what can you do to stay safe?

Beginning on May 16th, 2018, hackers diverted the money in these Amazon Seller accounts to their own bank accounts, held with Barclays and with Prepay Technologies Ltd. That money included both sales revenue and loans from Amazon Capital Services.

The court filing was to help identify these hackers in order to shut down the operation and reclaim the stolen money.

Amazon believes the hack began with merchants providing login details after being tricked. This way of hacking someone’s account is known as phishing. Once they had access, they altered payment settings, redirecting them to their own account.

Amazon Capital Services (ACS) offers loans to UK sellers for up to one year. It’s not yet clear whether the hackers also applied for the loans they stole, in addition to sales revenue, or whether those loans were already taken out.

Why Amazon Sellers?

It’s often noted that Windows computers are targeted by more viruses than Apple computers, and that Apple computers are targeted by more viruses than Linux machines.

This – and Amazon Sellers being targeted – is a question of target audiences. There are more Windows computers, so the potential reach of a virus there is greater. Amazon presents perhaps the biggest online marketplace worldwide. Certainly in terms of active seller accounts, they’re likely to hold the lead.

So Amazon Sellers are a potentially huge market for scammers to target. Add in the potential in ACS loans (if those actually were taken out by the hackers), and it becomes even more tempting.

But there may be a third factor involved.

Amazon Sellers are used to working with a large, mostly automated system. The scale of Amazon’s operations mean it has to be automated. But that automation makes Sellers less likely to question an email asking them to follow a link and login. All the email has to do is look genuine.

News of this hack should be another reminder to everyone to double-check any unusual request for login details, payment credentials, etc.

  • Always double-check the URL of any link you follow from an email you weren’t expecting.
  • Make sure the SSL is in place before you enter any data.
  • Be careful with autofill – some sites have additional, invisible sections that may autofill and send too.

If you can, verify every ‘emergency’ independently before you react.

Meet Clare-Cormican One of Our Product Manager

Meet our Product Manager: Clare Cormican

We interview one of our four product managers here at Cloud Commerce Group. Introducing the…

Meet Our Head of Product: Ben Edge

Cloud Commerce Pro is pleased to introduce, the visionary and enthusiastic, Ben Edge as our…

Graphic displaying text 'Meet our MD: James Leech'

Meet Our MD: James Leech

With so much going on behind the scenes at Cloud Commerce Pro and our multichannel…

A headshot of CCP Customer Service Manager, Chelsea

Meet our Customer Service Manager

Introducing Chelsea Kelly our Customer Service Manager. With all things go at Cloud Commerce Pro,…

Request an Online Demo today…

or ask for a call-back chat to see how we can help grow your business.

  • Seamless Order Management

  • Simple, Predictable Pricing

  • Specialist Onboarding Team

  • Dedicated Training

  • UK-based Support Team

Scroll To Top