One of the saddest calls we get is from a seller who has
been hacked. Some of our clients have
lost tens to hundreds of thousands of dollars to bad actors who seemingly can
enter their accounts at will…even when the seller cannot.
The problem was out of control last fall. Amazon finally addressed the issue publicly, but the problem was vastly understated . The announcement came from the UK even though most of our clients were US-based. What made the last round so bad was that Amazon itself was apparently hacked. Bad actors were able to get into sellers’ accounts through Amazon’s systems, as near as we could tell, and keep entering new bank information and emails without being caught by Amazon.
We brought the problem to Amazon’s attention through some of
our contacts. We suspected there were
bad actors inside of Amazon making this happen.
Amazon denies it. Regardless of
who was hacking behind the scenes, the effect was that sellers were told they
were hacked, but their accounts were NOT frozen. Bad actors were able to divert disbursements
again and again and there was nothing the seller could do about it. They couldn’t get Amazon to freeze their
accounts. Some tried to close their
accounts themselves to get relief.
Just so you know, Amazon’s process when there is a suspected
breach of any kind (embezzlement, hacking, etc.) is to freeze the account until
things can be sorted out with the account holder. This protects the seller and Amazon.
Several went to law enforcement and were able to get help
from their local cyber crimes department.
Others went to the FBI or the Secret Service. Ultimately my clients were helped. Some (not all) eventually got their money
back. Most are selling again. We learned
a lot from these experiences. Hopefully
you will never need this information…but just in case.
Q. I can’t get into my Amazon account! Does that mean I’ve been hacked?
It might. Amazon
freezes out sellers from their accounts for suspected hacking, yes, but also if
they suspect fraud or other serious crimes on your part. Occasionally people get frozen out because of
glitches at Amazon. You should get an
email if your account has been hacked or if you have been suspended for fraud.
Even though bad actors usually change the email addresses in the hacked
accounts, Amazon’s policy is to send warnings like this to the old email as
well as the new email.
Q. What should I do to get back into my account?
What you should try first is reaching out to Seller Support online. Click on this link to get to Seller Support from outside Amazon.
They will tell you to call:
or 206-922-0880. This is the team
that will help you reset your password and login if they can.
Once you are in, you will want to see if you can find a
performance notification or case log file that explains why you were frozen
out. If money has been dispersed or
inventory removed without your permission, inform Seller Support immediately.
Q. What if I still can’t get in?
If you’ve exhausted your options with the phone numbers
above and if they won’t or can’t tell you why your account is frozen, use
Twitter or Facebook. There is a team at
Amazon that reads tweets and messages sent by social media. You will need to tag Amazon to get their
attention, but they are usually pretty fast.
They’ll give you a link where you can write up your problem and then
they’ll send it to the right group internally.
Most of my clients have received a call back or an email within 24 hours
using this tactic.
Q. What if I’ve been hacked?
Amazon will need to verify you as the rightful account
owner. After all, the hacker could be
spoofing your email and pretending to be you.
We see that a lot lately with fake IP retractions. Amazon assumes that all digital data has been
compromised. We’ve seen them ask for
passports/driver’s license, birth certificates, personal social security
numbers and more. They may try to
contact a relative to vouch for you. Give them what they need. If you’ve ever
had your identity stolen, you will understand what you are in for. Assuming you can get back in, you’ll need to
check your bank account, Tax ID and other business data to see what was hacked
and if they stole money from you.
Then take these steps:
Q. How do I report to the FBI or Secret Service?
Justice Department – There’s a page with everything you need to know about reporting a federal cyber crime. Most Amazon hacking is federal because the hack, money or inventory crosses state – and sometimes international – borders.
Internet Crime Complaint Center – a reliable (do you trust the government when they say that?) reporting mechanism to submit information to the FBI. Even if nothing was stolen or the value was low, you should report it. Sometimes these bad actors are part of a larger crime group. Law enforcement may already be working on a case.
FBI find-a-field-office – for those of you who want to look a person in the eye and turn over your evidence.
Secret Service find-a-field-office — for those of you who want to look a person in the eye and turn over your evidence. See below to determine if your case should go to the Secret Service.
Q. Which agency should I go to?
First you should see if your local police force has a Cyber
Crime Division and start there. The FBI
is the next step (and your local Cyber Crime officer can help you contact them)
when there is money or property transported across state lines. This kind of hack is also considered identity
theft which is a key initiative by the FBI.
The Secret Service is most interested in international
hacking rings and money transported out of the country. If the hacker also inserted software into
YOUR machine, then the Secret Service might make sense. They have a database of this kind of hack and
can often identify whether the hacker is part of a larger group by how your
system was breached. It is most likely
the FBI would contact the Secret Service if this is suspected.
Q. What does law enforcement need from me?
300 Deschutes Way
SW, Suite 304
Tumwater, WA 98501
Attn: Legal Department – Legal Process
I suggest having everything on a thumb drive and having
physical copies that you can leave with the police. The notarized affidavit will need to be an
original, most likely, so sign multiple copies in case you work with multiple
Once you have the police report number, give it to your
insurance company and Amazon.
Q. What if the hack is at Amazon and not with me?
In this case, if you are confident that it is not your system
or you personally that has been hacked, go to the FBI and report to the Cyber
Action Team that you believe Amazon has been hacked and why. If they believe
your report is credible, they will reach out to Amazon and take it from there.
One indicator that it is Amazon and not you is if your
account is NOT frozen, but the email, password and bank account are changed. You notified Amazon of the theft and your
account is still open. That’s what
happened to our clients last year. The
bad guys kept their account open and kept stealing their money. Once you’ve changed your password and taken
greater security measures, it’s more likely to be Amazon.
Q. Should I tell Amazon?
Yes. If they’ve been hacked, literally millions of Amazon
seller accounts are at risk. Most likely
what will happen is that law enforcement will reach out to them for you, but
you can also tell Amazon that you’ve informed the FBI’s Cyber Action team and
provide them with a report number/case ID so they can talk to the FBI
If you have a local Cyber Crime officer working on your
case, have him or her reach out to Amazon (see details above). The police are much more credible to
Q. What if I was the one that was hacked?
You should tell Amazon, and
request they unfreeze your account.
Provide them with your case ID from the police and tell them the
specific steps you have taken (not “will take,” taken) to make sure it
never happens again. Write it like an appeal.
Give the root cause, the steps you took and then what you’ve put in
place to make sure it never happens again.
We help our clients with these types of appeals if you need it.
Q. How much does all this cost?
A lot. Not only are you not selling every day, the
forensic search can cost hundreds to thousands of dollars, depending upon the
number of devices. Hiring a security expert to review your network for
weaknesses will cost a few hundred if you are a small operation. There could be costs for proof of your
identity like a birth certificate or social security number (do you know where
your card is? Most of us don’t.)
Q. Will my insurance cover my loss?
Obviously, this depends on your
policy. Now might be a good time to
refresh the details in your mind. Even
if your loss is covered, you probably have a deductible and the insurance
company usually has a ceiling on how much they pay. Lastly, the insurance company is going to
want assurances that this theft was not due to negligence by you before writing
a check. Your police report will help,
but you may also want to talk to a lawyer before you record your loss on that
recorded line. Insurance companies are
looking for reasons to say “no,” particularly if the claim is large. You don’t
think it is your fault. They might not
agree with you.
Some sellers didn’t have insurance,
so this loss hit them hard.
Q. Will they eventually trace
my money and get it back to me?
Maybe. Some sellers got lucky and eventually their
money was traced and retrieved. I
wouldn’t count on it though.
Sophisticated hackers have already thought out how they are going to
hide the money from law enforcement.
Q. Will Amazon reimburse me?
No. Here are some of the relevant passages from
our agreement with Amazon:
“…You are responsible for
maintaining the confidentiality of your account and password and for
restricting access to your account, and you agree to accept
responsibility for all activities that occur under your account or password…”
“AMAZON WILL NOT BE LIABLE FOR ANY
DAMAGES OF ANY KIND ARISING FROM THE USE OF ANY AMAZON SERVICE, OR FROM ANY
INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOFTWARE) OR OTHER
SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH ANY AMAZON
SERVICE, INCLUDING, BUT NOT LIMITED TO DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES, UNLESS OTHERWISE
SPECIFIED IN WRITING.”
short, Amazon’s responsible for nothing.
Hopefully none of you will ever need this information. Hacking is rare compared to other Amazon suspensions, but it does not hurt to be proactive. If your security protocol could use improvement, take the time now to protect yourself, and while you may be confident that everyone around you is trustworthy, having 2-step verification always on and changing your passwords is just smart business. I imagine many of you have programs to wipe your phones or laptops if they are lost. This is just one more sensible precaution. Your livelihood is at stake and Amazon is not going to reimburse you if something goes wrong.
HOW CAN WE HELP YOU?
We are known for helping suspended sellers get
reinstated, but our goal is to keep sellers from being suspended in the first
place. We have more than 25 team members passionately working 7 days a
week to protect Amazon sellers like you.
Contact us for specific advice on your situation:
Never miss an important update from us: Join Our Mailing List
Our Facebook Group Amazon Seller Advocatesjust passed 775 members! Join us for discussions of all things affecting Amazon sellers. Understand the context behind news announcements, changes to TOS and more! JOIN US!
A detailed comparison between Dropshipping vs Amazon FBA. Learn which business model suits your needs the best to boost…
‘I’ve already got Google Shopping up and running, and it is enough of a pain to manage that whole process, what do…
See for yourself why thousands of Amazon sellers from over 100 countries use eComEngine's powerful automation…
Got an third-party tool for selling on amazon to suggest? Let us know!
Curated Directory of Tools for Amazon Sellers |
Find the best amazon selling Tools based upon user reviews.