Amazon is now requiring sellers
to use two-step verification to keep their accounts secure, but for at least one seller, the mechanism for keeping their account safe backfired when it was used to trick them into revealing their bank account information. Things went terribly wrong when the seller received the following message in Seller Central:
You have received a message from buyer - Seller Central Notification
A buyer has sent you a message regarding an item on your Amazon.com store. Please remember that you should not honor any requests to ship an item or complete a transaction outside Amazon.com.
Important Notification - Your Amazon Seller Account
To sell during this Holiday Season you must be in compliance with our guidelines.
Review the details here . Alternatively copy the link below and paste it in
Thanks for using Amazon!
"When I went to click on it it took me to the two step verification screen and then ask me to enter my bank account info to verify as a second credential," the seller wrote. One thing that made the spoof so convincing was that it linked to what appeared to be a legitimate two-step verification screen.
Another was the fact it wasn't an email - the message was in Seller Central, even though it was in the "buyer messages" section. It has to be more than a little embarrassing for Amazon that it allowed a scammer to include a phishing link in its messaging system - numerous sellers reported having received the message.
The incident shows how good scammers are getting, and how easy it is to be tricked by them. Sellers (and everyone online) should be extra vigilant! And bravo to the seller for sharing their experience on the Amazon boards as a warning to others.