Last year, around 100 Amazon seller accounts were reportedly breached by cyber criminals, who funneled money they stole from from Amazon loans and customer sales into their own accounts.
The series of account takeovers are said to have taken place between May and October 2018, according to Bloomberg, citing redacted court records filed by Amazon’s U.K. attorneys.
Amazon said it could not comment on the ongoing court case, but its investigation into the matter is reportedly finished.
The accounts were not hacked; instead, sellers were tricked into surrendering their credentials in what’s commonly known as a phishing attack.
An Amazon spokesperson said that sellers occasionally receive phishing emails that appear to come from Amazon. The emails are aimed at fooling the sellers into entering their usernames and passwords into a fake website.
The company advises sellers not to attempt to login anywhere but Amazon’s website and only in a browser window they’ve opened themselves. More generally, opening links and documents received by email is a bad security practice.
The investigation, according to Bloomberg, determined that the criminals likely set up accounts at Barclays Plc and Prepay Technologies Ltd. to receive the stolen payments, a percentage of which Amazon itself paid out in loans to merchants.
In a statement, Barclays said it tries to shut down criminals’ accounts as quickly as possible.
Amazon encourages sellers who believe they’ve been targeted by phishing emails to contact the company at: stop-spoofing@amazon.com