Hackers steal money from multiple Amazon vendors

Amazon, the e-commerce and technology company, has suffered a cyber attack in which hackers compromised more than a hundred vendors’ accounts, stealing their funds through various scam tactics, as reported by information security servicesspecialists.

As reported, the attack would have occurred sometime between May and October 2018; threat actors would have compromised some accounts from Amazon vendors in financial institutions like Prepay and Barclay. After the details of some accounts were modified, fraudulent transfers were directed to bank accounts controlled by the hackers.

The company is still unclear about how much the hackers managed to stole, but it is believed that everything could have started with a phishing campaign in which threat actors tried to deceive Amazon vendors into delivering details of their accounts, such as login credentials and financial information.

Several information security services firms consider this to be a very serious and powerful attack;on the other hand, Amazon claims that it is working with financial institutions to try to track fraudulent transactions and their operators.

Last year, a few days before the Black Friday, a cyber security incident at Amazon exposed the names and email addresses of many of the customers registered on the platform, so, unfortunately, this kind of inconvenience is not unknown to the company.

According to some information security services firms, phishing attacks are still a very common method for cyberattack campaigns and operators have no problem attacking big targets. In recent days, Binance, the most important cryptocurrency exchange platform, suffered the theft of around 40 million dollars (about 7000 Bitcoin); according to experts from the International Institute of Cyber Security (IICS), phishing was one of the techniques used to deploy that attack.

Experts of information security services recommend that Amazon users never share their login credentials or financial details with anyone; remember, companies never ask for users’ confidential data via email.