If you’ve seen something with a too-good-to-be-true price in the Amazon Marketplace lately, there’s probably a good reason for that. Or, rather, a bad one, as it seems some fraudsters’ new favorite trick is to hijack unsuspecting Amazon sellers’ accounts and fleece shoppers for every penny they can.
Hacks of Amazon seller accounts aren’t exactly new, but they’ve increased dramatically in recent weeks, The Wall Street Journal reports.
It works about the same way so many other hacks and breaches do: Usernames or email addresses and passwords that were stolen in some other breach are sold by those hackers to a whole next wave of would-be fraudsters who then use them to gain access to those users’ accounts on other sites.
Once a huckster has access to an Amazon account, they start using it for good old-fashioned fraud in one of two different ways. For active accounts, they change the bank deposit information and start raking in someone else’s cash. For largely inactive accounts, they create a whole bunch of non-existent merchandise listings to rake in the cash from the “sales” while they can.
Amazon sellers are becoming a target for pretty obvious reasons: There are lots of them, and they make lots of money to steal. One New York-based lawyer who represents Amazon sellers told the WSJ that more than a dozen of his clients have reported hacks, and many of them lost about half of their monthly sales ($15,000 to $100,000) as a result.
The hacks are on the rise, particularly the ones that target seldom-used seller accounts and take longer to notice. Those sellers then become the target of massive piles of customer complaints, when the ordered items never ship. And then customers demand refunds, which Amazon charges to the sellers who never actually received the funds in the first place.
“This has been a nightmare,” one seller still waiting for resolution after a month of back-and-forth told the WSJ.
Experts the paper consulted offered advice to both buyers and sellers to try to avoid being a fraud victim on Amazon.
First, shoppers should use some sense: If a high-profile, big-ticket item is showing up for half the price you’d normally pay, be suspicious. Odds are that seller is in some way up to no good.
As for the seller accounts, well, there’s a reason that every security expert advices you never to use the same password across multiple sites, and to enable two-factor authentication wherever possible. At least a billion user credentials have been stolen in recent years from Yahoo alone, to say nothing of all the other hacks and breaches that seem to happen on a near-daily basis.