Sellers are receiving Amazon scam calls from phishers trying to obtain their Amazon account credentials. This is one step up from the normal phishing emails that we see as they are now actively contacting sellers by telephone trying to convince them to log into fake Amazon account pages where their user name and passwords will be captured under the guise of needing to reset their accounts.
The message is simple, don’t fall for the scams.
Gareth from Quad Bikes Wales is far to savvy to fall for such an obvious scam and part way through the call started recording it so that other’s can be warned. In this case the phisher tried to get him to log into a sellercentral minus account minus amazon dot co dot uk domain and of course he immediately smelt a rat, but played along to find out how persistent the scammer would be. You can listen to the recording below:
Gareth is of course no novice Internet user, but it may be worth warning your staff that these Amazon scam calls are being made as they may not be quite as alert to fraud, even though in this case your browser will warn you that the page is not secure which should ring the alarm bells. Once a scammer has access to your seller account there is no limit to the havoc they could cause from listing fake products, changing your existing offers and diverting payments to fraudulent bank accounts.
We checked the domain details and it was only registered on the 10th of April 2018, but who knows how many times they’ve attempted to phish Amazon accounts in the past two weeks? This isn’t likely to be a one off instance and in all probability the hackers are phoning hundreds of Amazon account holders each day.
It may seem obvious to ask how come these scammers can so easily register a domain that sounds relatively official, but with hundreds of domain registration companies when one shuts you down it’s easy to move on to the next. There are also plenty of target websites from marketplaces to banks, online payment companies and so many profitable targets for phishing that, in fairness, it’s almost impossible for domain registration companies to keep ahead of the hackers.
If you come across a scam phishing site, the best advice is to report it to the domain registrar at their abuse@ email address to get them taken down. Naturally we reported this scam site to the domain registrar. Unfortunately when we called all their PR team were away in Germany so we were unable to offer them the opportunity to comment. We did speak to their legal team by telephone but almost 48 hours later the site is still live and the domain hasn’t been cancelled or restricted.
5 Responses
Ahhhhhh, that’s great.
Just the sort of thing I used to do when I got phone calls from “MICROSOFT”! and they could see I had a virus.
I would carry on for a while and then talk about scams.
It usually ended in both of us having a good laugh.
Some would even tell me that “I” was wasting THEIR time !!!
The cheek of it!!
Great recording!
Looks like the domain has not been anonymously registered…
Raw Whois Data
Domain name:
sellercentral-account-amazon.co.uk
Registrant:
D***** M*******
Registrant type:
UK Individual
Registrant’s address:
****Edited by admin to remove Registrant’s name and address (although they are freely available from Whois data)
Hello, I also got a call from “Amazon” asking for my mobile number. Since this is also used for my two-step verification I refused – told the caller that if they were actually from Amazon they would already have this. Gareth from Quad Bike Wales might want to make sure his two-step verification uses a different mobile.