Safeguard your personal data with Avast Secure Browser
With millions of user accounts directly linked to active credit cards and incredible global reach, Amazon is a potential gold mine for hackers. Learn how to protect your Amazon account and help safeguard your digital identity against the next data breach — no matter which platform it happens on — with powerful identity protection from Avast BreachGuard.
Online shopping is great, but it can present risks if you’re not careful. Even though Amazon is one of the most trusted online retail platforms, the ease and prolific use of Amazon make it appealing to hackers. Speed is of the essence if your Amazon account gets hacked, so learn what to do if it happens, sharpen up on Amazon fraud protocol, and stay a step ahead of a hack attempt.
This Article Contains:
Once a hacker gains access to your Amazon account their first move is often to change your login details. This step makes it harder for you to regain access to your hacked Amazon account.
Thankfully, Amazon offers two-factor authentication. If you have 2FA activated and there’s an attempt to breach your account, the hacker will also need access to your phone to get a passcode.
For successful hacks, cybercriminals will make purchases or buy gift cards with the payment details you have stored on your Amazon account — hackers will send the items to a different address from their own to avoid being caught. They may buy expensive items then resell them online. It could even be part of a broader Venmo scam.
Have you ever sent Amazon packages as gifts? Or changed the shipment address to the most convenient delivery location? Yep, hackers can do that, too. With a user’s login details, a hacked Amazon account will ship anything anywhere.
Being the largest online retailer in the world, there are many different types of hackers using Amazon account hacks as a business model. Amazon accounts can get hacked in a number of ways, including hacked email accounts, phishing schemes, and keyloggers.
You should also be aware of phone hacking signs, as hackers could be listening to your calls to steal your personal information. And if you think your Twitter account has been hacked, that could be a gateway to your Amazon account if you use the same password on multiple accounts.
An easy entry point to your Amazon account is a hacked email account. If a hacker gains access to your email address that’s linked to your Amazon account all they need to do is request a password reset and Amazon will send a reset link directly to the email account over which they have control.
A hacked email account is a major vulnerability for all online accounts, not just Amazon. Plus, a scammer would have access to much of your personal information and could use this in other nefarious ways like selling it on the dark web.
Hackers are also known for sending mass Amazon fraud email campaigns that operate as phishing schemes. They’ll send a fraudulent email impersonating Amazon hoping you’ll give up personal information or click links leading to phishing sites. These scams are astonishingly convincing and you may not even know you've been targeted by an Amazon fraud email scam.
Clever as hackers may be, there are common signs of attempted fraud and ways of spotting an Amazon phishing scam. Know how to identify a phishing email and be on the lookout for poorly written emails, strange language, and linked websites that are not actually Amazon, but look deceivingly close, such as “Amozon” or “AmazonShop.”
An example of what an Amazon phishing email might look like.
If your Amazon password is “123buythings,” you're the perfect target for automated password cracking. Learn how to create strong and unique passwords — it could be the difference between getting your Amazon account hacked or not. Automated password crackers guess combinations of common keywords and numbers until they crack the code.
Here are characteristics of a weak password:
A commonly used word or phrase (e.g., qwerty)
Something that includes your personal info (e.g., birthdate)
A string under 10 characters
A password used on multiple platforms
Data breaches and their corresponding data dumps happen all the time. If you don’t set a unique password for every online account or use one of the best password managers, your chance of getting hit by a data dump significantly increases.
All websites can potentially be hacked, and if one is successfully hacked, your login credentials could be sold to other bad actors or used to hack into your other accounts. So if your Instagram account gets hacked, for example, consider your other accounts vulnerable, too.
Keyloggers are a stealthy way to steal your passwords and account details. Once a keylogger infiltrates your device it tracks all your keystrokes and remotely sends this data to the hacker. If you access Amazon while a keylogger is recording, you've essentially sent your account details and password directly to the scammers.
If your Amazon account gets hacked, here are the ways to recover it.
If you suspect fraud on Amazon, you need to do an Amazon reset password request immediately. There are a couple different ways to do this, depending on the situation.
Log in and click Account & Lists.
Click Login & security.
Click Edit next to Password.
Approve the notification sent to your email or phone, then enter your Current password. Use a random password generator or long and unique passphrase to create a new, strong password. Enter your New password twice and click Save changes.
Go to Amazon's login page and click Need help? then Forgot Password. Enter your email or mobile phone number and click Continue.
Solve the puzzle, then enter the One Time Password (OTP) you receive, and click Continue.
Enter a New password, then Re-enter the password, and click Save changes and Sign-In.
If you still can’t get into your account, contact Amazon’s customer support either online or over the phone. If you’re an Amazon Pay customer, there’s an Amazon fraud protection team you can call. The Amazon fraud phone number to call in the US is 866-216-1075.
Your Amazon account is of little use to hackers if you don’t have stored payment information on your account.
Eliminate the threat of fraudulent charges by removing payment info:
Log into your Amazon account and go to Account & Lists.
Click Your Payments.
Click Remove from wallet.
Repeat this for all your payment methods.
It may not be immediately obvious that you're a victim of Amazon fraud. That's why it's important to regularly review your Amazon order history and report suspected fraud immediately.
Don't forget to check Archived Orders, too — this is a sneaky hiding spot where hackers can move orders, hoping you overlook them in your order history.
The best way to avoid an Amazon scam and protect your account from being hacked is by enabling two-step verification. Two-factor authentication works by requiring an additional verification step to access an account. While it can’t stop Amazon's Alexa listening (after all, it needs to be ready for your wake word), it will help prevent hackers from entering your account.
To set up two-step verification for your Amazon account:
Log in and go to Account & Lists.
Click Login & security.
Click Turn on.
Enter your phone number and click Continue (or choose to use an Authenticator App).
Enter your One Time Password (OTP) and click Continue.
Decide whether you want to check the box next to Don’t require OTP on this browser, then click Got it. Turn on Two-Step Verification.
Despite Amazon being one of the most trusted and widely used online retail platforms in the world, or perhaps because of it, hackers go to great lengths to hack Amazon accounts. That’s why it’s important to secure your online accounts and data.
Avast BreachGuard alerts you if any of your login data is part of a data leak, helping you to proactively change your logins before they’re used by hackers. You’ll also receive individualized tips for how to strengthen the security of your online accounts. Shop online more safely, knowing that your identity and data are being monitored by best-in-class security protection.
Immediately change your password and remove all linked credit, debit, or bank cards stored in the Wallet section of your account. If there has been unauthorized activity on your account, report it to Amazon’s customer service team (888-280-4331 in the US). If any fraudulent charges have already been made, contact the credit bureaus and your bank.
Amazon will never ask you to provide login details over a text message, although they may occasionally send you security alerts and texts about important changes to your account or ask you to confirm account activity. If you receive a scam text that is supposedly from Amazon asking for any personal information, report it to Amazon immediately.