In recent weeks, hackers have been targeting third-party Amazon sellers, posting fake deals to steal cash. Using stolen login credentials, they were able to post non-existent merchandise for sale at steep discounts in an attempt to pocket the cash.
How did they pull it off?
This latest attack is the net result of other hacks. Password credentials were stolen, resold on the dark web to other hackers and used to hijack accounts. PayPal and eBay have both dealt with similar hacks of late, though these days Amazon seems to be the favoured target, particularly as its third-party marketplace continues to grow.
“Hacking Amazon is becoming…increasingly a big deal,” said Juozas Kaziukėnas, chief executive of Marketplace Pulse, a business intelligence firm focused on eCommerce. “The value to be gained is bigger as Amazon grows.”
Amazon currently has an estimated two million sellers and third-party merchants in its marketplace, who collectively bring in more than half of its sales. Of those, there are reportedly over 100,000 sellers and merchants that make over $100,000 per year.
Never click on a link you did not expect to receive
This is the golden rule. Luring users to click on a link or open an attachment is the most common method. As we’ve explored in our tips for spotting a spoofing email, some email scams contain obvious spelling mistakes and poor grammar. Unfortunately, you will also see much more sophisticated attacks, like the ones posing as financial institutions, that are nearly indistinguishable from genuine emails. Social media campaigns help hackers profile individuals, as they are able to see what a person would most likely click on.
Never reuse the password that you use for your main email account
If a hacker is able to crack the password on your main email account, they have the keys to your virtual kingdom. Hackers can comb through your emails and find a treasure trove of your personal data, from banking information to passport details, taking the hack further into ID fraud. Trawling through personal details is the modern-day equivalent of dumpster diving, in which strong-stomached hackers comb through bins searching for personal documents.
Enable that “wipe my phone” option on your device
Use features such as Find my iPhone, Android Lost and BlackBerry Protect for your devices. Even if you’ve lost your device for good, use the feature to protect all of your personal information.
We’re only human after all. A lot of the advice we give is technical in nature. Many of the techniques that hackers use, however, are targeted at us. Hacking has become a skill of preying not only on people’s gullibility, but also on their naïvety.