November 16, 2020

Not-so-Fresh Phish: How to Avoid Seller Scams

By: Adam Hoagland

In this digital age, account hacking and information phishing are regular concerns and annoyances like robot calls.

But this doesn’t mean they are always obvious to spot.

Here’s some tips on what to look for and what actions to take with Amazon related phishing.

The Phishing For Account Info Scams

Phishing is a term used when a scammer sends fake email ID posing as Amazon and tries to acquire the personal details from you.

First, they send an email containing links to the seller and when clicked the links will redirect to a whole new space which will ask for your account credentials and credit card information.

Recently Amazon has introduced a two-step verification code to circumvent the increase of phishing scams.

Phishing ExampleAmazon will never send you an unsolicited message that asks you to provide sensitive personal information like your social security number, tax ID, bank account number, credit card information, ID questions like your mother’s maiden name or your password.

Amazon will never ask you to make a payment outside of the website and will never ask you for remote access to your device.

How to Keep Your Account Safe

Keep Your Selling Account Credentials Safe:

It may seem obvious, but NEVER share your bank or seller account information with anyone.

Even if someone allegedly calls you telling that they are an Amazon representative and asks you to log in with the code they provide, NEVER do it.

While Amazon may reach out via phone for some issues, they will never request this kind of information.

Turn On 2-Step Verification:

This is the best way to protect your account and the process is simple too.

A seller can sign into their account only via a two-step verification code which will be a random six-digit number. This code is usually sent from Google Authenticator to your smartphones, Amazon’s registered phone number and Amazon’s registered mail ID.

If you have not enabled it yet, do it now.

Always check the URLs and email IDs:

It is very essential that you understand the difference between a genuine and fake email ID.

Emails you receive from Amazon will always end with @amazon.com. Don’t believe any other email IDs.

Some of the fake email IDs used as follows:

  • amazon-security@hotmail.com
  • sellers-performance@payment-amazon.com
  • amazon-seller-payments@msn.com

Stay Sharp to Save Time and Money:

If you stay proactive and take proper steps to protect your banking information, account details and your products, then you might not even face such situations. But still, if you are targeted, you know what to do (and what not to).

Consider changing the e-mail address associated with your seller account so that phishers can’t use this e-mail address to contact you.

For example, if your seller account uses myinfo@myisp.com, consider using a new or different e-mail, such as changedinfo@myisp.com, for your contact information.

Do not use the same e-mail address as your sign in as you do for your customer contacts.

For example, if you use myname@myisp.com as your sign in account, consider using an e-mail address such as info@myisp.com for your notification or contact e-mail address.

Identifying false (spoofed) e-mails:

You might receive emails from Amazon, such as Sold, Ship Now emails or Technical Notification emails. However, sometimes you might receive emails that are not really from Amazon, even if at first glance they may appear to be. Instead, such emails are falsified and attempt to convince you to reveal sensitive account information.

  • Review the email for grammatical or typographical errors: Watch for poor grammar or typographical errors. Many phishing emails are translated from other languages or are sent without being proof-read.
  • Check the return address: Genuine emails from Amazon always will come from an address ending in “@amazon.com.” Check the email’s header information. If the “received from,” “reply to,” or “return path” for the email does not come from “@amazon.com,” it is not from Amazon. Most email programs let you examine the source of the email. The method you use to check the header information varies depending upon the email program you use.  The following are some examples of fraudulent return addresses:
      • seller-performance@payments-amazon.com
      • amazon-security@hotmail.com
      • amazon-payments@msn.com
  • Check the website address: Some phishers set up spoofed websites that contain the word “amazon” somewhere in the URL. Genuine Amazon websites always end with “.amazon.com”, “amazonsellerservices.com” or “sellercentral.amazon.com.” We will never use a combination such as “security-amazon.com” or “amazon.com.biz.”

Phishing scamsIf you are unsure, go directly to Amazon or the Seller Central website:

Some phishing emails include a link that looks as though it will take you to your Amazon account, but it is really a shortened link to a completely different website. If you hover over the link with your mouse when viewing the message in your email client, you often can see the underlying false website address, either as a pop-up or as information in the browser status bar.

Note: The hover technique can be fooled. If you do click on a link, always look at the URL in your browser when the page opens.

The best way to ensure that you do not respond to a phishing email is to always go directly to your seller account to review or make any changes to the account.

When in doubt, do not click on a link in an email.

Do not unsubscribe:

Never follow instructions contained in a forged email that claim to provide a method for unsubscribing.

Many spammers use these unsubscribe processes to create a list of valid, working email addresses.

Help stop phishers and spoofers:

You can make a difference.

Amazon has filed several lawsuits against phishers and spoofers. These lawsuits began with sellers alerting Amazon to suspicious emails. As part of their ongoing commitment to stop spoofing, you can help them investigate spoofed emails. Send them the original spoofed email, with the complete header information, using their report phishing form.

To locate the header information, configure your email program to show All Headers. (This varies, depending on the email program you use.)

The headers we need are well labeled and will look similar to this example:

  • X-Sender: someone@domain.com
  • X-Sender-IP: [10.1.2.3]
  • X-Date: Tue, 08 Apr 2003 21:02:08 +0000 (UTC)
  • X-Recipient: you@domain.com
  • X-OUID: 1

To report a phishing or spoofed email or webpage:

Open a new email and attach the email you suspect is fake. For suspicious webpages, copy & paste the link into the email body.

If you can’t send the email as an attachment, forward it. Send the email to stop-spoofing@amazon.com

Note: Sending the suspicious email as an attachment is the best way for Amazon to track it.

Note: Amazon can’t respond personally when you report a suspicious correspondence to stop-spoofing@amazon.com, but you may receive an automatic confirmation. If you have security concerns about your account, please contact Amazon.

Suspicious Phone Calls or Text Messages

Report any suspicious phone call or text message to the Federal Trade Commission (FTC). To report a phone call or text message visit ftc.gov/complaint and follow the onscreen assistant.

If you have any questions about these suspicious emails or anything else regarding your Amazon account give Riverbend a call! (877) 289-1017

Continue Reading