The security of your Amazon seller account is central to your business. It contains sensitive information that cybercriminals could use to commit fraud. Fortunately, this rarely happens. As the largest ecommerce platform in the West, Amazon is among the most trustworthy, safe, and reliable websites in the world. Still, it is prudent to remain vigilant. The following practices will help keep your information secure and minimize cyber risks.
Amazon Seller Central/Vendor Central Security Best Practices
- Set up Two-Step Verification for all of your Amazon accounts. This reinforces your password security, which greatly reduces the risk of unauthorized access if the password is compromised.
- Pick strong passwords that are different for each of your accounts and change them regularly. Use the following practices when creating passwords:
  - Choosing the same password for each of your online accounts is like using the same key to lock your home, car, and office – if a criminal gains access to one, all of them are compromised.
  - Use a long password made up of numbers, letters, and symbols.
  - Avoid using publicly available information (for example: your phone number) in your passwords.
- Make sure that the email address or mobile number you use to log in to your account is up to date.
- If your business has multiple users, require each to set up their own account. Regularly review the secondary users who have access to your account and revoke access for users who no longer need it.
- Review your Notification Settings and ensure you have the required setup to receive notifications of important actions being taken on your account.
- Beware of phishing. Amazon never asks you to verify sensitive information via email. Submit such information only when completing an order on the Amazon website, registering to sell on Amazon, or updating account information in Seller Central. If you are ever in doubt about the authenticity of an email, visit the Amazon website directly by typing the address into your browser bar, rather than clicking any links.
What to Do If You Think Your Amazon Account Has Been Compromised
If you believe your Amazon account has been compromised, follow the steps below:
- Change your Seller Central login password. If you are not able to log in to your account, contact Seller Support.
- Review the following information in your account to determine if any changes have been made:
  - Email address preferences
  - Payment information
  - User permissions
  - Amazon storefront details
  - Listing and condition notes
- Your email account might have been compromised as well. Consider changing the email address associated with your account and use a different password for your email account.
- If you receive emails or links that you suspect are phishing attempts, report them to email@example.com.
- Contact Seller Support immediately to report that your account has been compromised.
How to Identify Amazon Phishing Attempts
You might receive emails from Amazon, such as Sold, Ship Now emails, or Technical Notification emails. However, sometimes you might receive emails that are not from Amazon, even if at first glance they may appear that way. Such emails are falsified and attempt to convince you to reveal sensitive account information.
These false emails, also called “spoofed” emails or “phishing,” look similar to legitimate emails from Amazon. These emails often direct you to a fraudulent website that looks similar to an Amazon website, where you might be asked to give account information, such as your email address and password combination.
Unfortunately, these false websites can steal your sensitive information, which can then be used without your knowledge to commit fraud.
To protect yourself from responding to these emails, follow these simple rules:
- Know what Amazon won’t ask in an email: Amazon will not ask you for the following information in an email communication:
  - Your bank account information, credit card number, PIN number, or credit card security code (including “updates” to any of the above)
  - Your mother’s maiden name or other information to identify you, such as your birth city or your favorite pet’s name
  - Your Amazon or Seller Central account password
- Review the email for grammatical or typographical errors: Watch for poor grammar or typographical errors. Many phishing emails are translated from other languages or are sent without being proofread.
- Check the return address: Genuine emails from Amazon in the U.S. always will come from an address ending in “@amazon.com.” Check the email’s header information. If the “received from,” “reply to,” or “return path” for the email does not come from one of the sources above, it is not from Amazon. Most email programs let you examine the source of the email. The method you use to check the header information varies depending upon the email program you use. The following are some examples of fraudulent return addresses:
- Check the website address: Some phishers set up spoofed websites that contain the word “amazon” somewhere in the URL. Genuine Amazon websites always end with “.amazon.com”, “amazonsellerservices.com” or “sellercentral.amazon.com.” Amazon will never use a combination such as “security-amazon.com” or “amazon.com.biz.”
- When in doubt, go directly to Amazon or the Seller Central website: Some phishing emails include a link that looks as though it will take you to your Amazon account, but it is really a shortened link to a completely different website. If you hover over the link with your mouse when viewing the message in your email client, you often can see the underlying false website address, either as a pop-up or as information in the browser status bar. Note: The hover technique can be fooled. If you do click on a link, always look at the URL in your browser when the page opens. The best way to ensure that you do not respond to a phishing email is to always go directly to your seller account to review or make any changes to the account. When in doubt, do not click on a link in an email.
- Do not unsubscribe: Never follow instructions contained in a forged email that claim to provide a method for unsubscribing. Many spammers use these unsubscribe processes to create a list of valid, working email addresses.
- Use the features in Seller Central to track your orders: The Sold, Ship Now email notification is a useful tool. However, you can find the most accurate and up-to-date information for your orders using the Manage Orders feature in your seller account.
- If an offer sounds too good to be true, it probably is: Sometimes phishing emails will offer you deals, such as a discount or a free item, in return for completing a simple task (for example, signing into your seller account). Amazon recommends that you never sign into your seller account by clicking on a link embedded in an email.
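The return-address and website-address rules above, written as a check (an added example, not code from Amazon or from the original article; the sample message and the `login.example` host are constructed). It goes slightly beyond the text by also catching a link that places “amazon.com” before an `@` in the URL, and it assumes a plain-text message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Web domains the article names as genuine; sellercentral.amazon.com is a subdomain of amazon.com.
TRUSTED_WEB = ("amazon.com", "amazonsellerservices.com")
SENDER_DOMAIN = "amazon.com"  # article: genuine U.S. mail ends in "@amazon.com"

def is_trusted_host(host):
    """True only when host is a trusted domain or a subdomain of one (match on a label boundary)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_WEB)

def is_trusted_url(url):
    """Judge a link by its real hostname, not by where the word "amazon" appears."""
    try:
        # .hostname excludes any "user@" part, so amazon.com@login.example resolves to login.example
        return is_trusted_host(urlsplit(url).hostname)
    except ValueError:  # malformed URL: treat as untrusted
        return False

def check_message(raw):
    """Return the headers and links in a plain-text message that break the article's rules."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To", "Return-Path"):
        if msg[header] is None:
            continue
        addr = parseaddr(msg[header])[1]
        if addr.rpartition("@")[2].lower() != SENDER_DOMAIN:
            findings.append(f"{header}: {addr}")
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        if not is_trusted_url(url):
            findings.append(f"link: {url}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Amazon Seller Support" <notice@security-amazon.com>
Reply-To: help@amazon.com.biz
Return-Path: <bounce@amazon.com>
Subject: Action required

Sign in at https://amazon.com@login.example/ap/signin or
review orders at https://sellercentral.amazon.com/orders
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("suspicious", finding)
```

A message that produces no findings is not thereby proven genuine, since header fields can be forged; the check only flags messages that fail the rules listed above.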
Channel Key Takeaway
The odds of your Amazon account being compromised are slim. Amazon is known to be vigilant about customer security, which includes sellers and vendors. But even Amazon’s secure infrastructure cannot protect you from phishing attempts or attacks on your personal devices, which might be used to access your seller account. The good news is that most threats can be avoided by following a few simple guidelines: 1) use two-factor authentication, 2) rotate passwords regularly, 3) install firewalls and anti-virus software, and 4) avoid clicking on links in emails (especially when you don’t know the sender). These simple proactive efforts will help keep your information safe so you can focus on running your business.