HELP! MY AMAZON SELLER ACCOUNT WAS HACKED!

One of the saddest calls we get is from a seller who has
been hacked.  Some of our clients have
lost tens to hundreds of thousands of dollars to bad actors who seemingly can
enter their accounts at will…even when the seller cannot.

The problem was out of control last fall.  Amazon finally addressed the issue publicly, but the problem was vastly understated .  The announcement came from the UK even though most of our clients were US-based.  What made the last round so bad was that Amazon itself was apparently hacked.  Bad actors were able to get into sellers’ accounts through Amazon’s systems, as near as we could tell, and keep entering new bank information and emails without being caught by Amazon.

We brought the problem to Amazon’s attention through some of
our contacts.  We suspected there were
bad actors inside of Amazon making this happen. 
Amazon denies it.  Regardless of
who was hacking behind the scenes, the effect was that sellers were told they
were hacked, but their accounts were NOT frozen.  Bad actors were able to divert disbursements
again and again and there was nothing the seller could do about it.  They couldn’t get Amazon to freeze their
accounts.  Some tried to close their
accounts themselves to get relief.

Just so you know, Amazon’s process when there is a suspected
breach of any kind (embezzlement, hacking, etc.) is to freeze the account until
things can be sorted out with the account holder.  This protects the seller and Amazon.

Several went to law enforcement and were able to get help
from their local cyber crimes department. 
Others went to the FBI or the Secret Service.  Ultimately my clients were helped.  Some (not all) eventually got their money
back.  Most are selling again. We learned
a lot from these experiences.  Hopefully
you will never need this information…but just in case.

Q. I can’t get into my Amazon account!  Does that mean I’ve been hacked?

It might.  Amazon
freezes out sellers from their accounts for suspected hacking, yes, but also if
they suspect fraud or other serious crimes on your part.  Occasionally people get frozen out because of
glitches at Amazon.  You should get an
email if your account has been hacked or if you have been suspended for fraud.
Even though bad actors usually change the email addresses in the hacked
accounts, Amazon’s policy is to send warnings like this to the old email as
well as the new email.

Q. What should I do to get back into my account?

What you should try first is reaching out to Seller Support online.  Click on this link to get to Seller Support from outside Amazon

They will tell you to call: 
800-388-5512
or 206-922-0880.  This is the team
that will help you reset your password and login if they can.

Once you are in, you will want to see if you can find a
performance notification or case log file that explains why you were frozen
out.  If money has been dispersed or
inventory removed without your permission, inform Seller Support immediately.

Q. What if I still can’t get in?

If you’ve exhausted your options with the phone numbers
above and if they won’t or can’t tell you why your account is frozen, use
Twitter or Facebook.  There is a team at
Amazon that reads tweets and messages sent by social media.  You will need to tag Amazon to get their
attention, but they are usually pretty fast. 
They’ll give you a link where you can write up your problem and then
they’ll send it to the right group internally. 
Most of my clients have received a call back or an email within 24 hours
using this tactic.

Q. What if I’ve been hacked?

Amazon will need to verify you as the rightful account
owner.  After all, the hacker could be
spoofing your email and pretending to be you. 
We see that a lot lately with fake IP retractions.  Amazon assumes that all digital data has been
compromised.  We’ve seen them ask for
passports/driver’s license, birth certificates, personal social security
numbers and more.  They may try to
contact a relative to vouch for you. Give them what they need. If you’ve ever
had your identity stolen, you will understand what you are in for.  Assuming you can get back in, you’ll need to
check your bank account, Tax ID and other business data to see what was hacked
and if they stole money from you. 

Then take these steps:

  1. Report to law enforcement.  Then give the filing number to Amazon as
    proof that you are taking steps to fix the situation.  How interested law enforcement is in your
    case depends on how much money or property you’ve lost.  One seller, for example, had all his inventory
    removed from the warehouses and sent to an address in another state by the bad
    actor.
  2. Document everything.  Not only will you need it for law
    enforcement, you will need it for possible future legal action.  You will be asked for the same information
    over and over and over…so make yourself a PDF of all your evidence of the hack
    and what was taken.  Include a timeline
    of events.
  3. Hire a forensic computer analyst.
    Take your computer, phone, tablet and any other device you use to access your
    Amazon seller account to an expert.  If
    you have trouble finding one, ask a lawyer. 
    These are the guys who testify in court. 
    Their data preservation techniques and third-party neutrality help in
    lawsuits, and they help in hacking situations. 
    They are very good at finding traces. 
    You want to make sure that the hacker did not get in by inserting
    software into your machines.
  4. Beef up your digital security.  If you are not using a VPN when you are out
    of the office, for example, you should from now on.  This includes your phone as well as other
    devices.  Never surf the internet naked
    again.
  5. Hire a security expert to examine your
    network at work and make recommendations for programs on your devices that can
    detect and protect you from hacking. It could be the same person as #3 above.
    Your virus protection software and firewall are often not enough to stop a
    determined hacker.
  6. Fix your passwords.  If you are not using at least 10 randomly
    generated digits, characters and lower/upper-case letters for your passwords
    right now, get a program like Roboform or LastPass
    and never repeat a password ever.  There
    are people out there who still use passwords that are easy for them to
    remember.  You know who you are.  Stop it now.
  7. Look around you.  Statistically, most cyber theft like this is
    embezzlement from a trusted employee or relative.  Everyone I ever suggested that to was
    absolutely furious with me, but it’s true. 
    The best person to know your password and get into your account is
    someone you see every day.  Someone you
    trust.  At least consider it.  Because guess what? Amazon can tell if it is
    someone else at your office/home getting into your account.  If you can’t show you have a handle on your
    security problem, they won’t let you back on. 
    I had a client who refused to consider it despite the fact that Amazon
    TOLD her it was someone on her network doing this.  She never sold again.  Put your business first.  Your honest friends, family and co-workers
    will have no problem with you taking extra security measures.
  8. Turn on your Amazon 2-step verification. A
    lot of folks turn it off for their main laptop, their phone, etc., and
    automatically login. It’s a pain, but have it turned on for every browser,
    every device, every time. Otherwise, someone physically close to you or someone
    with control over your computer/phone can get into your account when you aren’t
    looking. 
  9. Put your account on hold.  If you gain access to your account, put it in
    vacation mode until you feel comfortable that it won’t happen again.  Once you talk to Amazon about what happened,
    take their lead.  They’ll give you advice
    about your account. Once they are alerted to the problem, they will be
    monitoring the situation and will shut down your account if the bank account or
    email is changed.

Q. How do I report to the FBI or Secret Service?

Justice Department – There’s a page with everything you need to know about reporting a federal cyber crime.  Most Amazon hacking is federal because the hack, money or inventory crosses state – and sometimes international – borders.

Internet Crime Complaint Center – a reliable (do you trust the government when they say that?) reporting mechanism to submit information to the FBI.  Even if nothing was stolen or the value was low, you should report it.  Sometimes these bad actors are part of a larger crime group.  Law enforcement may already be working on a case.

FBI find-a-field-office – for those of you who want to look a person in the eye and turn over your evidence.

Secret Service find-a-field-office — for those of you who want to look a person in the eye and turn over your evidence.  See below to determine if your case should go to the Secret Service.

Q. Which agency should I go to?

First you should see if your local police force has a Cyber
Crime Division and start there.  The FBI
is the next step (and your local Cyber Crime officer can help you contact them)
when there is money or property transported across state lines.  This kind of hack is also considered identity
theft which is a key initiative by the FBI.

The Secret Service is most interested in international
hacking rings and money transported out of the country.  If the hacker also inserted software into
YOUR machine, then the Secret Service might make sense.  They have a database of this kind of hack and
can often identify whether the hacker is part of a larger group by how your
system was breached.  It is most likely
the FBI would contact the Secret Service if this is suspected.

Q. What does law enforcement need from me?

  1. Amazon’s address for legal processes:

Amazon.com, Inc.

Corporation Service
Company

300 Deschutes Way
SW, Suite 304

Tumwater, WA  98501

Attn:  Legal Department – Legal Process

  • Timeline of events
  • Amount of $$ or physical property stolen.  You can run reports and/or take screenshots
    to prove your loss.
  • Bank account and email used by bad actor.
  • Proof of your identity, your business and your
    bank account
  • Your seller email and seller ID.  They will need that to communicate with
    Amazon about you.
  • An affidavit giving Amazon permission to share
    your seller information with law enforcement. 
    Get it notarized. It will make it easier for Amazon to cooperate with
    law enforcement.

I suggest having everything on a thumb drive and having
physical copies that you can leave with the police.  The notarized affidavit will need to be an
original, most likely, so sign multiple copies in case you work with multiple
groups.

Once you have the police report number, give it to your
insurance company and Amazon. 

Q. What if the hack is at Amazon and not with me?

In this case, if you are confident that it is not your system
or you personally that has been hacked, go to the FBI and report to the Cyber
Action Team that you believe Amazon has been hacked and why. If they believe
your report is credible, they will reach out to Amazon and take it from there.

One indicator that it is Amazon and not you is if your
account is NOT frozen, but the email, password and bank account are changed.  You notified Amazon of the theft and your
account is still open.  That’s what
happened to our clients last year.  The
bad guys kept their account open and kept stealing their money.  Once you’ve changed your password and taken
greater security measures, it’s more likely to be Amazon.

Q. Should I tell Amazon?

Yes. If they’ve been hacked, literally millions of Amazon
seller accounts are at risk.  Most likely
what will happen is that law enforcement will reach out to them for you, but
you can also tell Amazon that you’ve informed the FBI’s Cyber Action team and
provide them with a report number/case ID so they can talk to the FBI
themselves.

If you have a local Cyber Crime officer working on your
case, have him or her reach out to Amazon (see details above).  The police are much more credible to
Amazon. 

Q. What if I was the one that was hacked?

You should tell Amazon, and
request they unfreeze your account. 
Provide them with your case ID from the police and tell them the
specific steps you have taken (not “will take,” taken) to make sure it
never happens again. Write it like an appeal. 
Give the root cause, the steps you took and then what you’ve put in
place to make sure it never happens again. 
We help our clients with these types of appeals if you need it.

Q. How much does all this cost?

A lot.  Not only are you not selling every day, the
forensic search can cost hundreds to thousands of dollars, depending upon the
number of devices. Hiring a security expert to review your network for
weaknesses will cost a few hundred if you are a small operation.  There could be costs for proof of your
identity like a birth certificate or social security number (do you know where
your card is? Most of us don’t.)

 Q. Will my insurance cover my loss?

Obviously, this depends on your
policy.  Now might be a good time to
refresh the details in your mind.  Even
if your loss is covered, you probably have a deductible and the insurance
company usually has a ceiling on how much they pay.  Lastly, the insurance company is going to
want assurances that this theft was not due to negligence by you before writing
a check.  Your police report will help,
but you may also want to talk to a lawyer before you record your loss on that
recorded line.  Insurance companies are
looking for reasons to say “no,” particularly if the claim is large. You don’t
think it is your fault.  They might not
agree with you.

Some sellers didn’t have insurance,
so this loss hit them hard.

Q. Will they eventually trace
my money and get it back to me?

Maybe.  Some sellers got lucky and eventually their
money was traced and retrieved.  I
wouldn’t count on it though. 
Sophisticated hackers have already thought out how they are going to
hide the money from law enforcement.

Q. Will Amazon reimburse me?

No.  Here are some of the relevant passages from
our agreement with Amazon:

“…You are responsible for
maintaining the confidentiality of your account and password and for
restricting access to your account, and you agree to accept
responsibility for all activities that occur under your account or password…”

—————————-

“AMAZON WILL NOT BE LIABLE FOR ANY
DAMAGES OF ANY KIND ARISING FROM THE USE OF ANY AMAZON SERVICE, OR FROM ANY
INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOFTWARE) OR OTHER
SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH ANY AMAZON
SERVICE, INCLUDING, BUT NOT LIMITED TO DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES, UNLESS OTHERWISE
SPECIFIED IN WRITING.”

In
short, Amazon’s responsible for nothing.

Hopefully none of you will ever need this information.  Hacking is rare compared to other Amazon suspensions, but it does not hurt to be proactive.  If your security protocol could use improvement, take the time now to protect yourself, and while you may be confident that everyone around you is trustworthy, having 2-step verification always on and changing your passwords is just smart business. I imagine many of you have programs to wipe your phones or laptops if they are lost.  This is just one more sensible precaution.  Your livelihood is at stake and Amazon is not going to reimburse you if something goes wrong.

HOW CAN WE HELP YOU?

We are known for helping suspended sellers get
reinstated, but our goal is to keep sellers from being suspended in the first
place.  We have more than 25 team members passionately working 7 days a
week to protect Amazon sellers like you.  

Contact us for specific advice on your situation:

Email:  hello@egrowthpartners.com

Website:  https://egrowthpartners.com

Facebook: https://www.facebook.com/egrowthpartners

Twitter:   https://twitter.com/eGrowthPartners

Phone:  1-972-432-6398

Never miss an important update from us: Join Our Mailing List

JOIN US! 

NEWS NUGGETS

Our Facebook Group Amazon Seller Advocatesjust passed 775 members!  Join us for discussions of all things affecting Amazon sellers.  Understand the context behind news announcements, changes to TOS and more!  JOIN US!


Click here to join our Facebook Group!

The post HELP! MY AMAZON SELLER ACCOUNT WAS HACKED! appeared first on eGrowth Partners.

Leave a Reply

Got an third-party tool for selling on amazon to suggest? Let us know!

About

Curated Directory of Tools for Amazon Sellers |
Find the best amazon selling Tools based upon user reviews.

Navigation
Follow