Beware of Phishing and Account Takeover Attempts  

08/20/06



Just a week ago, while attending the 2006 Independent Amazon Booksellers' Convention in Seattle, we were addressed by the Vice President of Security at Amazon.com and told of the improvements Amazon has made to their online marketplace security. The improvements are dramatic, but not all-inclusive.

As an independent bookseller there are a few things you can do to protect yourself and your marketplace account. 

1)     Do not reply to suspicious emails. These can be quite sophisticated and made to look like legitimate messages sent by customers and/or Amazon.com. If the email asks you to click on any link to verify your identity or confirm account information, DO NOT click on the link. Amazon.com will not send you an email with hyperlinks to confirm any kind of account information. This kind of email is called a phishing email, and if you respond, the information you provide might be used to take over your account, post bogus listings in your inventory, or gather other information about your customers.

 

2)     Make sure you have antivirus protection installed on your computer. Two good software packages that were mentioned are Symantec and McAfee.

 

3)     Avoid participating in any kind of transaction that violates the Amazon.com (or other marketplace) guidelines. You might be tempted to accept payment from a "customer" who contacts you directly, but fulfilling such an order may result in having your account closed by Amazon.com, and the customer may make a bogus payment for an expensive item that you never recover.

 

4)     Avoid the temptation to create account passwords that are too easy to crack. A good practice is to create a password of eight characters having letters and at least one number. You can make it even more difficult for hackers by establishing a practice of changing your password at least every 90 days and never storing your passwords on your computer. I know it can be a real inconvenience; my day job is in an environment where I have more than 10 computer accounts that each require password authorization. I also have to change all of these passwords every 90 days, and I am not permitted to use a password that I have ever used before. All I need is another few on my personal accounts at home, e.g., 7 different email accounts, online banking accounts, online marketplace accounts, etc., to really confuse me, but I do maintain them all and regularly change every one of them. I think the alternative of having any one of my marketplace accounts or online banking accounts hacked and drained would be a lot more inconvenient.

Amazon.com has taken direct communication with customers away from online sellers, and for very good security reasons. Hackers were taking over seller accounts and gaining access to the email addresses of Amazon.com customers. The email addresses were then being sold and/or otherwise abused, which was not appreciated by the customers. You can still contact your buyers, but the email is being routed through Amazon.com so that it can be monitored for suspicious activity, e.g., a sudden flow of emails sent to all of your customers.


I hope these general tips are helpful. I will address the security details in greater detail in my newsletter, and I hope you opt to subscribe.

