Be aware that Amazon might not always notify you that your account has been hacked, so look out for the warning signs and make sure your account is secure.
How hackers can access your account
If you notice an increase in phishing messages, spam calls or texts, or unusual Amazon account behavior, it could be a sign that someone is trying to hack your Amazon account. There are many dangerous hacker types out there, so it’s important to pay attention to the warning signs that they may be targeting you.
Here are some of the most common methods hackers use to breach Amazon accounts:
Phishing is one of the most effective ways for hackers to gain access to users’ accounts. Hackers can send enormous volumes of spam emails in hopes of tricking some of the millions of Amazon users into compromising their private account information.
Phishing emails are effective because they very closely imitate the real thing. An email might look like it’s from Amazon, right down to the logo. But a malicious link in the email may take victims to a spoofed Amazon site, fooling them into entering their Amazon account information, password, or payment details — ultimately giving the scammer access.
If you’re not sure whether a website is authentic, check if the site is safe with our handy guide.
Fraudsters can track your online activity and even detect what you type with keyloggers — a type of spyware that monitors keystrokes. This allows scammers to passively steal a victim’s Amazon password, account information, and payment information. Hackers can infect victims’ computers with keylogging software via an infected link, download, or email attachment.
Spam one-time passwords (OTPs)
Amazon uses OTPs (one-time passwords) as part of a two-step authentication to verify your Amazon account when you attempt to log in. This is a legitimate and effective security measure, but if you receive an OTP from Amazon when you haven’t tried to log in, it means that someone else is trying to access your account.
If you’re not attempting to log in, treat the OTP notification as a hacking attempt, and change your password immediately to secure your account.
Calling or messaging you directly
Scammers often use phone calls or texts to try to trick Amazon account holders into divulging their personal details and payment information. A scam call or text might ask the user to provide their account information in order to confirm a recent order. Beware — this is always a scam!
Amazon will never call you to confirm an order and will never ask for sensitive account details over the phone.
Cracking weak passwords
Hackers can use automated software to crack weak passwords and hack your email or Amazon account. It’s essential to create a strong, unique password that you don’t use for any other account. If you use the same password for multiple accounts, hackers can use this information to gain access not only to your Amazon account but to any other account that uses the same password.
What should you do if your Amazon account has been hacked?
If you suspect that your Amazon account has been hacked, check your order history for fraudulent orders, remove your payment details from the account if you can, and change your password immediately.
Here are the detailed steps for securing your Amazon account:
Change your password
Changing your Amazon password and the password for the email linked to your Amazon account should be your first step in securing your account. Keeping your email secure is an important part of helping to prevent Amazon account hacks in general.
Follow this step-by-step process to reset your Amazon account password:
Open your Amazon account, go to Your Account, and click Login & Security.
In the Password section, click Edit.
Enter your current password, then enter your new password twice to confirm. Click Save changes.
Practice good password hygiene by using a different password for every account. Make sure you choose a strong password — a password manager can help generate a strong password for each account, and it can store each password securely.
Update your account information
If your Amazon account has been hacked, the hacker may have tampered with your account information. Verify that your address, phone number, and email address are still correct. If any personal details were altered, take screenshots before correcting them — these screenshots can help you prove fraud if necessary.
If you suspect that the hacker might know your credit card details, remove your current payment details and cancel the cards linked to your Amazon account.
Check your order history
Make sure there are no unauthorized orders pending. If there are any orders that you did not place yourself, cancel them immediately or contact Amazon to inform them of unauthorized activity on your account.
Check open orders, canceled orders, as well as archived orders. You can find these by clicking Returns & Orders in the Your Account menu. From this screen, you can check Orders, Not Yet Dispatched, and Canceled Orders.
Fraudulent activity is often hidden under archived orders. You can check for archived orders by clicking [number] orders placed in… and selecting Archived Orders from the list.
How to prevent an attack
Hackers often use sophisticated techniques to breach their victims’ online security, but you can implement measures to help prevent an attack.
Use and update your security software
Installing antivirus software and other security tools, and ensuring that they’re up to date, can greatly reduce your risk of being exposed to malware that leads to accounts being compromised. Here are some other security tools that will help to keep your accounts safe:
VPNs: A VPN strengthens your online privacy and lets you browse safely on a public network.
Firewalls: A firewall acts as a protective barrier between your device and unauthorized network traffic that may be trying to access it. Most routers and Windows and Apple computers come with a built-in firewall, but you may need to configure it.
Hotspot settings: Disabling your mobile hotspot when not in use can reduce the risk of hackers being able to hack your phone or computer.
Network passwords: Keep your home network private by securing your router with a strong and unique password. Then change it periodically to help prevent router hacking.
Enable two-factor authentication (2FA)
Two-factor authentication (2FA) is an extra layer of security that requires you to enter a second method of authentication, like an SMS code, before gaining access to an account. That makes it harder for a hacker to breach your Amazon account, as they will need access to the secondary device to complete the two-step login process.
You can activate 2FA on Amazon via the following steps:
Go to Your Account and click Login & Security.
Find 2-step verification and click Turn on.
Click Get Started.
Enter your phone number and click Continue.
Type in the OTP (one-time password) sent to the phone number you entered and click Continue.
Click Got it. Turn on Two-Step Verification.
When logging into your account from a new device, you will have to enter a code sent to your email or phone in order to access your account.
Install the “Secure Your Account” feature
If you suspect your Amazon account was hacked, it’s easy to secure your account. Go to Your Account > Login & Security and find the Compromised Account? section. Select Start to follow Amazon’s recommended steps. You can also click Sign out of everything to make sure that any unwelcome parties are signed out of your Amazon account.
Why is my Amazon account on hold?
Amazon is hyper-vigilant about account security. If your Amazon account is on hold, there’s likely a security issue, and the account has been blocked to protect you. Reasons may include:
Card information and billing details don’t match during a purchase transaction.
An unusually high number of orders were placed on a new account.
Amazon detected logins from a number of different locations.
There was suspicious gift card activity.
Amazon putting your account on hold doesn’t automatically mean that your account was hacked, but it is important to review your security details, check your personal information, and review your purchase history just to be sure.
How to recover your Amazon account
If your Amazon account was locked, follow these steps to recover your Amazon account:
Click Need help? and click Forgot Password. Enter your email address or phone number and click Continue.
Enter the one-time password (OTP) sent to your email address or phone number and click Continue. You might also have to confirm your identity by entering personal information.
Enter your new password twice to confirm, then click Save changes and sign in.
How to contact Amazon
Go to Your Account > Customer Service and click Report Something Suspicious. This will allow you to report a problem to Amazon directly. You can also click Something else > Contact us to chat virtually with Amazon. At the moment, there is no option to use a private messaging app to talk with an Amazon customer service rep.
Always report an internet scam to the relevant authority, especially if the scam results in financial fraud or suspected identity theft.
Protect your accounts and personal information with AVG
Take control of your privacy and help reduce the risk of scammers gaining access to your personal details with AVG BreachGuard. If your data is leaked, AVG BreachGuard alerts you so you can change your logins immediately. And, you’ll even get personalized tips on how to remove your personal info from data brokers lists. Get AVG BreachGuard and help protect your personal data today.