AmazonWatch: Hacking Fraud Revealed

Between May and October last year, around 100 Amazon sellers lost money due to a widespread hacking operation.

The news broke late last week when Bloomberg reported on a document filed with UK courts last November. The filing has only just been made public.

Inside the Amazon Hack

Beginning on May 16^th, 2018, hackers diverted the money in these Amazon Seller accounts to their own bank accounts, held with Barclays and with Prepay Technologies Ltd. That money included both sales revenue and loans from Amazon Capital Services.

The court filing was to help identify these hackers in order to shut down the operation and reclaim the stolen money.

Amazon believes the hack began with merchants providing login details after being tricked. This way of hacking someone’s account is known as phishing. Once they had access, they altered payment settings, redirecting them to their own account.

Amazon Capital Services (ACS) offers loans to UK sellers for up to one year. It’s not yet clear whether the hackers also applied for the loans they stole, in addition to sales revenue, or whether those loans were already taken out.

Why Amazon Sellers?

It’s often noted that Windows computers are targeted by more viruses than Apple computers, and that Apple computers are targeted by more viruses than Linux machines.

This – and Amazon Sellers being targeted – is a question of target audiences. There are more Windows computers, so the potential reach of a virus there is greater. Amazon presents perhaps the biggest online marketplace worldwide. Certainly in terms of active seller accounts, they’re likely to hold the lead.

So Amazon Sellers are a potentially huge market for scammers to target. Add in the potential in ACS loans (if those actually were taken out by the hackers), and it becomes even more tempting.

But there may be a third factor involved.

Amazon Sellers are used to working with a large, mostly automated system. The scale of Amazon’s operations mean it has to be automated. But that automation makes Sellers less likely to question an email asking them to follow a link and login. All the email has to do is look genuine.

News of this hack should be another reminder to everyone to double-check any unusual request for login details, payment credentials, etc.

• Always double-check the URL of any link you follow from an email you weren’t expecting.
• Make sure the SSL is in place before you enter any data.
• Be careful with autofill – some sites have additional, invisible sections that may autofill and send too.

If you can, verify every ‘emergency’ independently before you react.