A new phishing scheme has emerged! Be careful with your Amazon account!

This new phishing method also contacts sellers via email, but because of last year's case, everyone has become more cautious about emails with links.

Therefore, this phishing technique is unique and implants the program in an unexpected place - the attached document.

Phishing email disguised as a tax notice email

The content tells the seller that the PDF attachment in the email is the seller’s tax invoice for a certain period of time in the past, and the seller needs to log in to the store account to view the specific tax details.

At this time, if the seller opens the attached PDF, the following dialog box will pop up, asking the seller to enter his store account and password.

Although this does not look like the backend login page at all, because there is a prompt in the email content, the seller can easily fill in his store account and password at this step, and then this information will be transmitted to the phishing scammers.

Using the login information in hand, phishing scammers can easily log into the seller's backend and be ready to steal the account funds at any time. Some scammers even know how to play the long game and transfer all the funds at once when the account balance is large.

Phishing against sellers actually takes advantage of the seller's carelessness and negligence to obtain account information, so developing a habit of being careful in everything can prevent more than 90% of phishing scams. What should we be careful about in our daily lives?

First, pay attention to the sender of the letter.

The sender is the most direct information to determine whether it is a phishing email. Here is an example of a phishing letter to illustrate.

At first glance, it looks like an email from the performance team. The green part is the same as the official email address, but please note that the green part is the sender name, which can be changed at will. The gray part I framed later is the real email address.

The address suffix of an official email is always @amazon.com. No matter what characters are added here, it will be treated as a phishing email, just like the "@mx-amazon.com" here. If it is inconsistent with the official address, it is very likely a phishing email.

Second, never enter your account password easily.

This step is the last step to prevent phishing. I suggest that you can develop a habit of taking a look at the address of the web page once you encounter a step that requires you to enter a password.

No matter what web page you open, the first page of the regular Amazon backend address is always sellercentral.amazon.com . Web pages without or with messy strings may leak the account information you entered.

Third, if you accidentally leak information, don’t panic.

Because Amazon sellers withdraw money from time to time, even if the scammers get the account information and enter the backend, they will have no money to transfer to them.

Therefore, many phishing scammers nowadays will not act immediately after obtaining account information, but will wait until the account balance is relatively large before transferring the money.

By taking advantage of this time difference, if the seller accidentally leaks the account information, you can also reinstall the system and change the account password before the scammers take action. Sellers who are not sure whether they have been phished can also take this method as a precaution.

PS. It is not recommended that you change the payment information as it is very easy to be audited during this period.

If you have also received the above email, please check your withdrawal records as soon as possible to see if there is any abnormality!

To deal with such fraud cases, information must be circulated. If you know about such scams early, you can easily see through them. So if you want to join our seller exchange group and get Amazon's hot information and news at the first time, please scan the QR code below to find me and add you to the group~

PS. If you want to join the seller discussion group, you can also private message me to let me add you to the group

Click to like and share your experience▼