Amazon's Third-Party Sellers Hit By Hackers (foxbusiness.com)

← Back to Stories (view on slashdot.org)

Amazon's Third-Party Sellers Hit By Hackers (foxbusiness.com)

Posted by msmash on Monday April 10, 2017 @07:20AM from the security-woes dept.

Hackers are targeting the growing population of third-party sellers on Amazon.com using stolen credentials to post fake deals and steal cash. From a report: In recent weeks, attackers have changed the bank-deposit information on Amazon accounts of active sellers to steal tens of thousands of dollars from each (Editor's note: the link could be paywalled; alternative source), according to several sellers and advisers. Attackers also have hacked into the Amazon accounts of sellers who haven't used them recently to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash, those people say. The fraud stems largely from email and password credentials stolen from previously hacked accounts and then sold on what's dubbed the "dark web," a network of anonymous internet servers where hackers communicate and trade illicit information. Such hacks previously have favored sites such as PayPal and eBay, but Amazon recently has become a target of choice, according to cybersecurity experts.

22 of 37 comments (clear)

Min score:

Reason:

Sort:

Yet another reason... by Gojira+Shipi-Taro · 2017-04-10 07:25 · Score: 1

I never go with that sort of 3rd party vendor. Not eligible for Prime shipping, not worth the risk in general. Not worth it on the off chance I'll save a buck or two to have it take far longer than I want, and perhaps not show up at all.

--
"Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
1. Re:Yet another reason... by CastrTroy · 2017-04-10 07:56 · Score: 3, Interesting
  
  I'll almost always go with Amazon if the item is available from them. However, being from Canada, I find that quite often going through third party Amazon sellers and eBay is really the only way of finding quite a few products online. Americans don't realize how much better their e-commerce selection is than what we get in Canada.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
2. Re:Yet another reason... by BronsCon · 2017-04-10 08:00 · Score: 2
  
  Meh... No need to restrict yourself only to Prime, just avoid deals that seem too good to be true. I buy from 3rd-party sellers all the time and I've only had one issue in the past 18 years, for which Amazon quickly facilitated a resolution (I kept the falsely advertised product and Amazon forced a full refund).
  
  The next closest thing I've had to an actual problem was with a power cable I ordered, wherein someone else had ordered what the 3rd-party seller had left in stock at the same time I ordered my single cable. The seller wrote me within an hour of placing the order to let me know they did not have the item (and why) and gave me the option of cancelling the order or waiting until they got more in stock. I opted to wait and, a few days later, heard from them that their supplier was also out of stock. The order has since been cancelled; I was never charged, so no refund was necessary.
  
  It's actually really easy to not get scammed when you buy 3rd-party on Amazon.
  
  Like... REALLY easy.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
3. Re:Yet another reason... by wonkey_monkey · 2017-04-10 08:37 · Score: 1
  
  and gave me the option of cancelling the order or waiting until they got more in stock
  They may have known they weren't getting any more, but wanted to try to get you to cancel the order instead of having to do it themselves, since then it doesn't have a negative impact on their account status.
  I've seen it a few times - sellers asking customers to cancel the orders that the seller can't fulfil.
  
  --
  systemd is Roko's Basilisk.
4. Re:Yet another reason... by BronsCon · 2017-04-10 08:51 · Score: 2
  
  They explicitly offered to (and suggested I let them) cancel the order, actually. The order only remained open because I still needed the cable at that time, but my need was not urgent. The second time around, I actually no longer needed the cable (I replaced the equipment it was for as it ended up failing for an unrelated reason) but was planning to keep the order so I'd have a spare for another piece of equipment which uses the same cable. Since I no longer have a specific need for the cable, I allowed them to cancel it the second time they offered.
  
  You do have to carry out your own due diligence when ordering 3rd-party on Amazon, but it's really not difficult to avoid the scams.
  
  Meanwhile, I ordered $700+ RAM, Prime, and was sent obviously opened (the outer seal stickers had clearly been peeled and re-stuck, and the tape on the inner packaging was cut) RAM. Not only that, but the product ID stickers had been swapped with other, cheaper, similar looking RAM; the speed, capacity, and serial numbers did not match what I ordered, nor did they match the stickers or packaging (which *did* match what I ordered).
  
  Again, that was Prime, fulfilled by Amazon. In fact, it's not the first time I've had that happen; they did the same with a ViewSonic 4k display, of which I had ordered two.
  
  But, and I can't stress this enough, Amazon was also quick to fix the issue. They always are, which is why I really don't care if they fuck up once in a while, or if a 3rd-party seller does try to scam me.
  
  I buy about 2/3 of my non-grocery items (and about 1/3 of my grocery items, for that matter) on Amazon, yet I have >90% of my product- or service-related issues with brick and mortar stores. Amazon (including 3rd-party sales) has a long way to fall before I'll consider the few issues I've had with them over the past 18 year to be a problem worth complaining about.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
5. Re:Yet another reason... by __aaclcg7560 · 2017-04-10 09:18 · Score: 1
  
  I've seen it a few times - sellers asking customers to cancel the orders that the seller can't fulfil.
  I had a situation where a third-party seller had granola bars for sale at a very good price. Only to find out that they kept five bucks of the sale and placed an order with Walmart. Since then I've ordered directly from Walmart and saved five bucks.
6. Re:Yet another reason... by R.Mo_Robert · 2017-04-10 09:22 · Score: 1
  
  I never go with that sort of 3rd party vendor. Not eligible for Prime shipping, not worth the risk in general. Not worth it on the off chance I'll save a buck or two to have it take far longer than I want, and perhaps not show up at all.
  What "sort" of third-party vendor would it be that you avoid? Non-Amazon sellers can and do sell with Prime shipping via the Fulfilled by Amazon (FBA) program. This is an option any seller has for each item/listing (not necessarily something they will do for all their items). The amount of protection you as a buyer receive is more or less the same under Amazon's policies. If all you're looking for is Prime, you've undoubtedly ordered from third-party sellers a lot without realizing it.
  
  --
  R.Mo
7. Re:Yet another reason... by Dogtanian · 2017-04-10 10:39 · Score: 1
  
  Only to find out that they kept five bucks of the sale and placed an order with Walmart.
  Did they have Walmart ship it to you direct with their branding intact? (And probably treated by them as no more than an order with a different billing and delivery address- the former being the supplier's, and the latter yours, I'm guessing).
  
  If so, that might sound stupid- but then I'm guessing their business plan was only ever intended to be quick-n'-dirty and short term, and took into account people doing what you did over the additional hassle of trying to get the goods shipped anonymously.
  
  --
  "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
8. Re:Yet another reason... by sexconker · 2017-04-10 12:03 · Score: 1
  
  But, and I can't stress this enough, Amazon was also quick to fix the issue. They always are, which is why I really don't care if they fuck up once in a while, or if a 3rd-party seller does try to scam me.
  The problem with this is that Amazon keeps a tally of everything they do for you. Even if they're correcting their own error, it counts against you.
  Once you hit a magical threshold, they black hole your account.
9. Re:Yet another reason... by __aaclcg7560 · 2017-04-10 12:24 · Score: 1
  
  Did they have Walmart ship it to you direct with their branding intact?
  Direct from Walmart with a Walmart return address on it.
  
  If so, that might sound stupid- but then I'm guessing their business plan was only ever intended to be quick-n'-dirty and short term, and took into account people doing what you did over the additional hassle of trying to get the goods shipped anonymously.
  Not necessarily. More elaborate operations may have 10,000+ items for sale, but no inventory is ever carried and each item is drop ship from the manufacturer.
10. Re:Yet another reason... by BronsCon · 2017-04-10 15:48 · Score: 1
  
  You think every other retailer out there doesn't do the same thing? Here's a hint: you only get so many returns at a given retailer; there are even a number of return tracking networks, comprised of multiple retailers, with many retailers belonging to multiple such networks. At least, that's how it was when I got out of retail nearly a decade ago; I can only imagine it's gotten worse since then.
  
  It's actually tracked as rate of returns, e.g. X returns in Y time, and no, Amazon is nowhere near strict enough for me to worry about it. I've had two returns which, alone, total over $1200, in addition to a number of other returns, cancelled orders, and instances where I needed to return an item and Amazon didn't deem it worth the cost of shipping and simply issued a refund while allowing me to keep the item. If they were going to "black hole" my account, it would have been done by now.
  
  But, then, I place more than 60 orders per month with them, as I tend to split my orders up by project or category, for accounting purposes (such is the reality of running a business, it's more complicated to split a parts and supplies receipt than it is to order the parts separately from the supplies) and I can count on fingers and toes how many problem orders I've had in 18 years.
  
  In short, yes, they do that; but only if you're blatantly abusing their return policy. They didn't even question me when I told them I needed to return $700 RAM and needed an immediate refund so I could re-order it (replacement was not an option, for some reason); they issued the refund with no hassle, before the UPS pickup was even scheduled, let alone the item picked up or actually returned to them. But, then, I have a nearly two decade relationship with them and, in recent years, have been spending $30-50k annually with them.
  
  Maybe that's why they seem willing to bend over backwards for me.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
11. Re:Yet another reason... by sexconker · 2017-04-10 17:52 · Score: 1
  
  Yes, they all do it. But Best Buy can't track what I pay for in cash. Amazon by its nature knows my account, address, etc., and is much more hostile when it decides to nuke a user. You've simply never seen it happen. I've known people who have had accounts nuked to the point that other accounts shipping to the same address taken out as well.
  And with Best Buy or any other retailer, you can go to a physical store and demand answers. With Amazon, all you can do is call the help line and listen to a guy in India read a script, do the text version of the same with a support chat, or send an email off into the void.
12. Re:Yet another reason... by BronsCon · 2017-04-10 18:26 · Score: 1
  
  I can't say I've ever gotten Indian support from Amazon, nor have I ever had them ignore an email; and yes, I've taken them to task over my affiliate account in the past. No, they don't ignore valid support complaints. Nice hyperbole, though.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Re:I got burned too many times from vendors by ryanmetcalf · 2017-04-10 08:30 · Score: 2

In the case of a 3rd party merchant on Amazon, they would never see your card # if it was paid through the Amazon portal. The same goes for if you pay for an eBay purchase through PayPal, all the merchant sees is a deposit and a transaction #. They never get their hands on your card # once.
Takes way too long for Amazon to shut these down. by fishscene · 2017-04-10 08:38 · Score: 1

I accidentally ordered something 3rd party. They shipped it to a different state and I filed an A-Z claim after I saw to my horror, about a dozen people reporting the same thing. I got my money back, but it took Amazon over a month to shut down the account after I had my claim resolved. Meanwhile, reviews were popping up several times a day claiming to be scammed by the seller. I joked about becoming a scam seller so I could get free money from anyone not filing a claim. But yea, over a month of daily orders going south to close an account? Not cool. I don't mind ordering 3rd party, but they had better have several good reviews over a long period of time.
Re:What should victims of the scam do? by toonces33 · 2017-04-10 08:57 · Score: 1

The only real victim is Amazon. Log into Amazon, and click the "Get Help with Order" button. I have heard it takes a week or two, but they should refund your money.
Re:That explains it by AmiMoJo · 2017-04-10 09:23 · Score: 2

I've been getting this since late last year. Items advertised as "used for display in my shop, like new" and an email address they tell you to contact first. For kicks I tried it and they sent me an Amazon payment link, which obviously I reported.
With price alerts (I use CamelCamelCamel) they set the price so that it exactly hits your limit. They try to obfuscate it using the shipping, e.g. 252.00 for the item and 48.00 shipping.

--
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Why isn't Amazon more pro-active here? by RDW · 2017-04-10 09:29 · Score: 1

Experienced customers can spot most of the scams easily. A small trader who has good feedback for selling a couple of lawn chairs a week suddenly has a vast portfolio of 4k TVs, top of the range dSLRs and high-end laptops, all at half price. A naive customer doesn't look beyond the overall feedback score, or see anything odd in the line in the description that asks them to contact the seller before purchasing, or in the official looking email they get back that links to an 'Amazon' purchase page that helpfully relieves them of their cash. But Amazon isn't naive, and has vast resources they could be using to clamp down on this sort of scam. Why not have an easy way of reporting obviously hacked accounts, rather having to dig through their help system looking for something vaguely appropriate? Why not keep a close watch on the lowest prices of popular items that are repeatedly used as bait? I used to see pretty regular price alerts on a camera lens in my saved item list that invariably turned out to be scams. Why not search item descriptions for email addresses (or obvious address obfuscations) inviting purchasers to contact the seller outside Amazon? Scammers often re-use the same text, and even the same email addresses, for the next hacked account. Why doesn't anyone check when a long-standing seller's established shopfront changes drastically overnight? Basic analytics ought to ring alarm bells here.
1. Re:Why isn't Amazon more pro-active here? by swb · 2017-04-10 09:55 · Score: 2
  
  My guess is they have some model that says being "proactive" reduces scams by $x but has a side effect of reduced $y legitimate sales, too, along with the risk of some big negative publicity when a legitimate seller has his account cancelled or something.
  I don't know, but I suspect a major growth sector for Amazon is basically competing with the flea market over at Ebay and not creating a bunch of ill will against that type of seller means something to them.
  IMHO, Amazon should have fewer flea market sellers and the crappy intermingling of substandard SKUs, but apparently Amazon doesn't think so.
  I do give them credit, though, I've sold one thing through Amazon (spare, unused and unopened 512GB SSD) and it was a pretty slick process.
2. Re:Why isn't Amazon more pro-active here? by RDW · 2017-04-10 10:13 · Score: 1
  
  My guess is they have some model that says being "proactive" reduces scams by $x but has a side effect of reduced $y legitimate sales, too, along with the risk of some big negative publicity when a legitimate seller has his account cancelled or something.
  Depressingly that may be true. Perhaps there's no simple way of reporting an obviously hacked account, because that would be admitting they exist, which could put off purchasers. But I think Amazon should be putting more resources into this behind the scenes. I've reported very blatant hijacked scam accounts in the past, and although they've eventually been blocked, the response has been downright sluggish. Surely an invitation to contact the 'seller' outside Amazon is a direct violation of their terms and conditions? No legitimate seller should be doing this. Perhaps high profile news stories like this will give Amazon a bit of encouragement to tighten things up...
Wow by Neuronwelder · 2017-04-10 14:34 · Score: 1

I pretty much used to use 3rd party vendors on Amazon and other sites. Thanks for the warning.
Re:I know why by sexconker · 2017-04-10 17:48 · Score: 1

You're not the real LUDDITES guy. I know because Slashdot didn't detect your IP and apply the bonus formatting on LUDDITES .