Beware of new scams! Amazon sellers have been scammed

Last week we reported a serious Amazon seller information leak incident in which an Amazon internal employee packaged the seller information and sold it to a third party. Amazon also sent a group email to notify the sellers.

Although Amazon officially stated that only the sellers’ email addresses and phone numbers were leaked, and no further sensitive information was involved, every time a seller’s information is leaked, there is always a wave of phishing incidents. Therefore, we reminded everyone at that time to carefully identify the sender information recently and beware of phishing emails disguised as official notifications.

However, this time the scammers changed their approach and put some effort other than sending phishing emails. Foreign media have already reported that Amazon Prime members and even some sellers have fallen victim to the scam!

Foreign media reported that during the just-passed Amazon Prime Day, a large number of consumers became Prime members for the first time. These new members have recently received frequent calls from a team claiming to be "Amazon Prime Security" , saying that their Amazon accounts have been hacked and some things have been purchased with their accounts. Members are required to download phishing programs disguised as remote software to steal consumers' bank and Amazon account passwords.

Not only consumers have received such calls, but third-party sellers on Amazon have also received calls claiming to be from the Amazon team, also claiming that the seller's information has been leaked and that the seller needs to open a designated (phishing) URL to reset their store password. If the seller does so at this time, their password will be tricked out, resulting in the store balance being withdrawn.

In an example reported by foreign media, a small business seller from Bremerton followed the instructions of a fraudulent phone call claiming to be from Amazon's security center, entered his store account and password in the phishing address sent in the email, and subsequently lost nearly $7,000 in store balance.

At first glance, this group seems to be operating overseas. We Chinese sellers have not been affected due to language barriers. However, when I think about it, although the form and rhetoric of this telephone scam are very old-fashioned, if there really is a phishing scam call targeting Chinese Amazon sellers, it is still relatively difficult to prevent . The reason is actually related to Amazon officials.

In my last tweet, I analyzed how to prevent phishing emails. The most important thing is to look at the sender address of the email. Generally, addresses with extra letters are most likely fake.

However, if it is a phishing call, it is generally difficult to determine whether it is a scam from the phone number. And sellers who have opened Chinese cases should feel that if you check the phone contact, the call back from Amazon is never a fixed official number. Not only is the number random, but it may also be identified as a scam . In fact, Amazon China customer service uses some recycled second-hand landline numbers. If the second-hand number was used for fraud and then marked by the user, then even if the operator reclaims the number and assigns it to Amazon, the user's end mark will still show fraud.

Even the return calls from Amazon’s official cases may be identified as scam calls by mobile phones, which makes it more difficult for sellers to identify real scams and phishing calls.

In short, no matter whether it is truly official or not, if you encounter an attack asking you to enter your account password, always assume it is a phishing scam. Then check the phone number, website, and email sender address one by one. If you can't find any faults, I will tell you a very simple and easy-to-use identification method, which is to try filling in a wrong password.

Generally, phishing websites definitely do not have your original password, so they cannot determine whether the password you entered is correct or not . They will just assume that the password you entered is correct, and then log in to your store according to the password and account you entered.

So if you are not sure whether this is a phishing website, just try entering a wrong password. The real official website will definitely jump to the wrong page and tell you that your account and password are wrong. If it still displays normally after you enter the wrong password, then it is a phishing website.

Now is the critical period for sellers to prepare for Black Friday. Because of the information leakage incident, sellers need to pay extra attention to the security of their stores . At the same time, they must also do a good job of optimization and ranking improvement before the peak season to ensure product sales on Black Friday and Cyber ​​Monday.