Couldn’t imagine life without Amazon? You’re not alone! It’s no surprise really, given this leading marketplace’s incredible range and the ease at which you can shop. You can really find almost anything on Amazon, with more and more manufacturers offering their product ranges directly on the platform. But due to its huge global presence, Amazon is also an attractive target for cybercriminals. Read on to learn how to tell if your Amazon account has been hacked. Also discover what steps you should take right away and how to protect yourself. You’ll additionally find out how by using Avira Free Security you can browse the internet even more safely and strengthen the security of your Amazon account.
Here’s what to do if your account’s been hacked
Have cybercriminals gained access to your Amazon account? First try logging in to your account. If this works, change your password straight away and set up two-factor authentication (2FA). Also check all your information: From your order history to your address and payment details. Note down anything that looks odd and correct your information immediately. Where possible, cancel unauthorized orders right away.
Once you’ve secured your account and corrected all your important information, tell Amazon about what’s happened. The platform might have additional information and data that could be useful to you. Also tell friends and family that you’ve been hacked to avoid them falling into the same trap.
How are Amazon accounts hacked?
Account hijacking is a serious online threat. There are several methods cybercriminals can use to hack an Amazon account. The biggest weak point is often the user themselves. The more careless they are online and the more readily they share sensitive information without a second thought, the easier they make it for hackers.
Typical tricks cybercriminals use to gain unauthorized access to other people’s Amazon accounts include:
- Phishing attacks
- Malware/keyloggers
- Brute force attacks
- Data breaches
- Unsafe networks
- Social engineering
Let’s take a closer look at individual methods used by hackers.
Phishing attacks
When criminals disguise malicious emails as legitimate messages, this is called phishing. Here, cybercriminals masquerade as a trustworthy person or company, creating a sense of importance to pressure the victim into acting quickly without thinking — such as clicking a link in the email which takes them to a spoof website which at first glance looks like a legitimate one. There they enter their login details, and in doing so they give the cybercriminals quick and easy access to all their details — enabling the hackers to use that information for further criminal activities. But phishing emails don’t always contain links that take the potential victim to a malicious site. In some cases, a file attachment infected with malware is included.
Malware/keyloggers
Malware refers to malicious software that’s smuggled onto the victim’s computer or smartphone. This software can paralyze the user’s device or secretly collect information in the background. The criminals also use malware to blackmail their victims and only unlock the device after a ransom is paid.
A keylogger is a special form of malware. It doesn’t actively search for information on the device, but records each individual keystroke the user makes. So when internet users log in to an account using their private login details, these credentials are registered and stored. The information about the individual keystrokes is either stored locally or transmitted directly to the cybercriminals unnoticed via the internet.
Brute force attacks
Hackers can guess your password on Amazon and other services simply by trial and error. Whether by manually trying out different combinations or using tools, in a brute force attack the cybercriminal goes through every possible combination to crack your account password.
The success of such an attack depends on the complexity of your password. The longer, more complicated, and more unique a password is, the lower the risk that criminals will be successful with a brute force attack.
Data breaches
You’ve probably heard of data breaches at major internet platforms. Here, cybercriminals steal vast amounts of user data — often including each user’s name, address, telephone number, and email address. In severe data breaches, financial data or highly sensitive information such as insurance numbers are also stolen.
The stolen data is in most cases used directly for criminal activities or resold at a profit on the dark web. Regardless of the circumstances, data theft is always a serious problem that not only harms affected individuals but also damages the reputation of the platform from which the data was stolen.
Unsafe networks
Although phishing and malware are among the biggest sources of data theft, an insecure network also allows direct access to your system. For example, if you log in to a public Wi-Fi hotspot without secure access, everything you send and receive is unencrypted, meaning it could be intercepted by third parties.
Typical locations for unsecured networks include cafés, restaurants, and airports. Users need to be careful when banking online or logging in to e-commerce platforms like Amazon when on such networks. Failure to do so can lead to the theft of sensitive information and personal data.
Social engineering
With social engineering, cybercriminals pretend to be a trustworthy person (similar to phishing), often saying they’re an employee or customer support team member from a well-known company. Microsoft, eBay, and Amazon are among the most well-known examples.
The criminals contact the potential victims under the pretext that there’s something wrong with the user account and that they must act quickly. In this case, the victim trusts the cybercriminals and they share their personal data without a second thought. Instead of solving the (fictitious) issue, the hackers now have access to the victim’s account and can potentially cause immense damage.
Signs that your Amazon account’s been hacked
In most cases, you’ll notice right away that your Amazon account has been hacked. Typical signs include:
- Access denied: Can’t log in to your Amazon account like usual because your access is blocked? Is your password or email address incorrect?
- Unknown orders: Discovered new orders in your order overview that you didn’t place?
- Cancellations: Notice that your orders have been canceled without your permission?
- Different delivery address: Has a new address appeared in your Amazon address book, but you know you didn’t add it?
- New payment methods: Have you discover new payment methods or information in your account or in a future order that aren’t yours?
- Login alert: Has Amazon emailed you about a suspicious attempt to access your account?
- Credit used: Has your credit (e.g. from vouchers) been used up without you ordering anything?
If spot any suspicious or unusual activity, take immediate action to minimize damage and secure your account.
How do hackers use your account information?
Once hackers gain access to someone’s Amazon account, they can carry out various scams and fraudulent purchases. The most typical forms include:
- Unauthorized orders: Hackers use other people’s Amazon accounts to obtain goods using parcel collection points or fake addresses as delivery addresses.
- Gift card misuse: Many cybercriminals use their victims’ account information to purchase gift cards and resell them to third parties. The source of the gift-card code is very difficult to trace and the cybercriminals themselves don’t disclose any information.
- Unauthorized payment data: The cybercriminals can use other people’s payment information to debit bank accounts that don’t belong to them.
- Identity theft: Cybercriminals use stolen personal information to contact and deceive others. Phishing is even more effective because it directly targets people the victim knows.
- Sale of data and accounts: If the cybercriminals don’t use the account information themselves, they often sell it to other criminals on the dark web or other shady forums.
- Blackmail: There are cases where hackers threaten the victim that they’ll publish their personal information or order history. To prevent this, victims are asked to pay a ransom.
Take these steps if your Amazon account’s been hacked
Has your Amazon account been hacked and you’re wondering what to do? The following overview will help you take the right steps to minimize any potential damage.
Change your password immediately
If you have even the slightest suspicion that your Amazon account has been hacked, change your password. Make sure your new password is unique, complex, and as random as possible. If you’ve used the same password on other platforms, change it there immediately as well.
Update your account information
If you notice that personal data such as your name, address, or telephone number are no longer correct, change them. Take screenshots to keep a record of the incorrect addresses and information as evidence to assist with future investigations.
Check your order history
Check your order history to see if any items have been ordered without your authorization. If so, cancel them immediately to prevent them from being shipped and charged to your account.
Remove stored payment data
Be sure to also check the payment information stored in your account. Even if your address and other personal information are all correct, hackers might have stored someone else’s payment details, which you may not notice right away. To avoid charging someone else’s account, go through all the data you have stored in your account and correct it if necessary.
Tell Amazon
As soon as you have full control over your account again and any changes have been reversed, tell Amazon customer service. You might also find information, tips, and options to support you with the incident on the platform.
Preventative measures against account hacking
There are other things you can do to prevent your account from being hacked. Make sure you:
- Set a secure password: Make sure you use a different password for each platform. Passwords comprising upper and lower case letters as well as numbers and special characters are much harder to crack. The longer, more complex, and more unique, the better. Save yourself the hassle of having to remember any passwords with a password manager.
- Use two-factor authentication: If you want to be absolutely sure, turn on two-factor authentication (2FA). When you log in, you’ll be sent a one-time, time-based code by text message, email, or authenticator app, which you’ll need to enter along with your password.
- Perform regular updates: Make sure you keep all your devices, programs, and drivers up to date. This will close potential security holes and make it more difficult for cybercriminals to access your system and data.
- Clear browsing data: You should regularly clean your browser cookies and clear your cache to prevent hackers from taking over old sessions and accessing accounts even without your login information.
- Be careful when surfing: Think carefully about which platforms you really need to store sensitive data on and what you want to reveal about yourself online. Be suspicious of unexpected emails as a potential phishing attack might be hidden behind every one.
Surf even more safely — with Avira Free Security
Strengthen your online protection and make life tougher for cybercriminals by installing Avira Free Security. Enjoy total piece of mind with this all-in-one solution. It can detect and neutralize malicious software in real time, making it your best line of defense to stop malware in its tracks. You can also count on it to identify and alert you of existing threats on your device.
Avira Free Security also has an integrated VPN solution. It allows you to surf more securely, even over public Wi-Fi hotspots, as third parties cannot locate you. Your data remains yours and your true identity is concealed.
Amazon is a trademark of Amazon Technologies, Inc.
This post is also available in: GermanFrenchItalianPortuguese (Brazil)