It’s an unfortunate truth: wherever there is a growing, strong system, there will undoubtedly be people who will manipulate that platform to their advantage. This is especially true in our online world, where hackers have found ways to attack all major sites and software, even those once considered unhackable.
You may have heard of a recent surge of Amazon Seller accounts having security breaches. Hackers have been able to trick Amazon sellers into exposing their credentials—often via email or another insecure website. These hackers then use those credentials to either start their own site or to wire your money and sales to their bank account. Within your selling account, they can also take your personal information and data.
The worst part is that you may not even realize that they are doing this for weeks, months, or even years. The seller is the main target as consumers are protected by Amazon. So, while hackers may be taking advantage of both sides of the chain, you are the one getting hit the hardest.
This is a major concern for not only the health of your Amazon business but your entire life security and privacy as well. Hackers do their research about you and your site, and they are skilled at what they do. Don’t fall victim. Guard yourself against their attacks and play on the offensive. Here’s how:
1. ENABLE TWO-STEP VERIFICATION
This is the number one tip by all Amazon sellers: turn on two-step verification. This is a feature that asks for a unique code along with your password to add another layer of security. This additional verification only pops up on computers that you haven’t previously deemed “trusted.” So, if a hacker tries to get in on his computer with your password, he will be hit with the two-step verification and likely not have the code to get through.
HOW TO ENABLE TWO-STEP VERIFICATION:
- In your Seller Central, go to Advanced Security Settings and click Get Started for Two-Step Verification.
- Add your primary phone number where you will receive SMS codes from Amazon.
- Enter the code that was sent to your phone and click Verify Code.
- You will then need to add a backup phone number or download an authenticator app in the case that you need a backup additional verification.
Two-Step Verification only takes a few extra seconds on untrusted devices, and it is one of the strongest and simplest ways to protect you from a serious hack.
2. CHANGE AND MONITOR PASSWORDS
You should be changing your Amazon password regularly, especially if you’ve noticed suspicious behavior. Also, don’t use the same password that you use for other websites; doing so is a surefire way to ensure that a hacker can have access to various aspects of your life and cause more damage. Always keep your account credentials updated and monitored. Don’t share your password with anyone—not even your employees.
3. MANAGE USERS
Hackers love to take advantage of improperly set user permissions. If you have other employees working on your account, appropriately set up user pathways and permissions. No matter how trustworthy your workers are, they can accidentally let passwords and security violations get out. A single slip can lead to a significant number of problems. Ensure that each user has a specific set of permissions appropriate to their function. Train them on online and Amazon safety procedures and precautions.
4. ENABLE EMAIL NOTIFICATIONS AND MONITORING
Amazon offers several monitoring features that can alert you immediately if something seems funky with your account. Even something as simple as enabling email notifications will alert you within seconds if someone is doing actions through your Seller Central. For example, Amazon will email you if someone has signed on from a new device in a new location.
You can then go on to check what those actions were on your account. If you or your team didn’t perform that action, you’ve acknowledged a hacker in just minutes. Finding smaller threats in this way will help prevent larger ones in the future.
In the same vein, it’s important to note that Amazon will never ask for sensitive information via email. If you receive an email from “Amazon” asking for information, this could be a hacker. Only update your account and personal info directly through your Seller Central portal. If you notice any suspicious activity coming from Amazon, contact them directly to see if it is a legitimate email.
5. SET UP A SEPARATE BANK ACCOUNT
While it’s generally a good idea to keep your business account separate from your personal one for financial reasons, it can also help with security. If money seems to be missing or transactions look funny, you will be able to determine much faster in a separate Amazon-specific back account rather than hidden within your personal or company account.
Sending all payments directly to an Amazon-specific disbursement banking account—and then comparing that with invoices—can help catch hackers fast and early.
6. USE SUPPORTED BROWSERS AND SOFTWARE
Only log on to your Amazon account from supported browsers, whether on your computer or mobile device. Amazon’s supported browsers are Apple Safari; Google Chrome; Microsoft Internet Explorer; Mozilla Firefox; and Opera. Using other forms of browsers in conjunction with Amazon’s code could lead to leaks of information or insecure processes.
The same is true for software. If you are using any additional services or software to boost your Amazon platform, you want to first ensure its legitimacy. This goes beyond legitimacy of how well it will give you selling results; you should also check to see if there are any privacy or security concerns you should be aware of.
Furthermore, other websites or software (even on those supported platforms) can hack into your Seller Account by introducing invisible viruses. Be aware of the sites that you visit on your computer, and install anti-virus software that is run daily or weekly.
7. REVIEW AMAZON’S PRIVACY NOTICE
Amazon’s Privacy Notice does not directly deal with hackers, but it helps you understand how Amazon uses your personal and business information. It is important to know how Amazon accesses your info in order to safeguard against any inappropriate access to hackers.
8. UTILIZE AMAZON’S PGP
Amazon offers a public PGP that can allow you to send out sensitive information in an encrypted way. While this isn’t foolproof, it can be an extra defense if you are sending confidential credentials over an insecure method. You can find the PGP here.
Always report security issues to Amazon immediately. Chances are that you’re not alone in this hacking attack. If it’s unfamiliar, contact Amazon. It’s always better to be safe than sorry.
SECURITY BOTTOM LINE
Hackers love stealing Amazon seller credentials since they can then access your business and personal info—it’s like a double whammy! However, knowing the red flags and setting up simple precautions and notifications can save you from significant damage to your financials, privacy, and overall livelihood.