AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Wed Nov 15 2017 10:56:22

Amazon Security Requirement Backfires for Seller

By: Ina Steiner

Sponsored Link

Amazon is now requiring sellers to use two-step verification to keep their accounts secure, but for at least one seller, the mechanism for keeping their account safe backfired when it was used to trick them into revealing their bank account information. Things went terribly wrong when the seller received the following message in Seller Central:

You have received a message from buyer - Seller Central Notification
A buyer has sent you a message regarding an item on your Amazon.com store. Please remember that you should not honor any requests to ship an item or complete a transaction outside Amazon.com.
Message:

Important Notification - Your Amazon Seller Account

To sell during this Holiday Season you must be in compliance with our guidelines. 
Review the details here . Alternatively copy the link below and paste it in 
your browser:....

Thanks for using Amazon! 
Amazon.com

"When I went to click on it it took me to the two step verification screen and then ask me to enter my bank account info to verify as a second credential," the seller wrote. One thing that made the spoof so convincing was that it linked to what appeared to be a legitimate two-step verification screen. 

Another was the fact it wasn't an email - the message was in Seller Central, even though it was in the "buyer messages" section. It has to be more than a little embarrassing for Amazon that it allowed a scammer to include a phishing link in its messaging system - numerous sellers reported having received the message.

The incident shows how good scammers are getting, and how easy it is to be tricked by them. Sellers (and everyone online) should be extra vigilant! And bravo to the seller for sharing their experience on the Amazon boards as a warning to others.




Comments (6) | Permalink

Readers Comments

Amazon Security Requirement Backfires for Seller   Amazon Security Requirement Backfires for Seller

This user has validated their user name. by: eXtinctBay

Wed Nov 15 11:53:16 2017

Did Amazon hire the programmers who were fired from eBay & Equifax to come up with the two-step verification??

Maybe (like on the TV show CSI Cyber) they should both hire ''black hats'' who used to thrive on the dark web to combat scammers. Or do they even care???

Amazon Security Requirement Backfires for Seller   Amazon Security Requirement Backfires for Seller

by: mcposty This user has validated their user name.

Wed Nov 15 13:02:53 2017

equifax did it on purpose, please see the millions they are given from the government to fix their " mistake"

Amazon Security Requirement Backfires for Seller   Amazon Security Requirement Backfires for Seller

This user has validated their user name. by: Ina

Wed Nov 15 14:47:00 2017

One lesson learned from this case: if you have 2 factor verification set up, and you don't receive a text or phone call with a code, don't proceed. But the biggest takeaway is to try to always be on your guard.

Another thought - I didn't know Amazon allowed buyers to include links in messages to sellers. I wonder why.

Amazon Security Requirement Backfires for Seller   Amazon Security Requirement Backfires for Seller

This user has validated their user name. by: Ming the Merciless

Wed Nov 15 15:31:25 2017

Surely ebafia and the Sewage Canal can do much more the make sellers' lives as difficult and burdensome as possible during the holiday buying season.

Amazon Security Requirement Backfires for Seller   Amazon Security Requirement Backfires for Seller

by: a_c_green This user has validated their user name.

Thu Nov 16 10:35:22 2017

> Did Amazon hire the programmers who were fired from
> eBay & Equifax to come up with the two-step verification??

I'd love to see eBay fire their programmers, but I doubt it's ever happened. ;-)

Amazon Security Requirement Backfires for Seller   Amazon Security Requirement Backfires for Seller

by: mindelec This user has validated their user name.

Thu Nov 16 16:48:10 2017

The most obvious clue that something wasn't right was that the message was from a buyer, the second obvious one was asking for banking info.

This 2 step verification is a royal PITA, everytime I check the box that my home computer is "ok" and everytime I have to go running for my phone to enter in a code.



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.