In 2018, Amazon was struck by a considerable attack, with hackers taking funds from approximately 100 seller accounts, according to a Bloomberg report. Between May and October 2018, Amazon sellers were struck approximately 100 times, draining funds from the seller control platform to augment their own funds. According to the investigation, the first fraudulent transaction took place on May 16, 2018, with an undisclosed amount being stolen. The hackers utilized phishing attacks in order to scam their targets.
On May 8, 2019, almost a year to the day after the first transaction was made, an Amazon spokesperson claimed that the company had completed investigating the compromised accounts, and had been the victim of an “extensive” fraud. The extent of the fraud was large enough where two banking companies, Barclays and Prepay Technologies (who is a partial subsidiary of Mastercard) are caught up in the crime.
Ultimately, Amazon neglected to disclose the true scope of the hack, but a report by Bloomberg indicated that over one billion dollars were dispersed to merchants in 2018 via Amazon Capital Services U.K. While there is currently no figure provided by the company, if large portions of that money was subverted, it could rank as one of the largest hacks in the history of online commerce, and certainly the biggest fraud that has involved Amazon.
Amazon, which has a business model built to be largely automated, has done a remarkable job of keeping personally identifiable information from being hacked over the years, but in today’s threat-persistent culture, even the most secure companies can have situations happen to them that jeopardize their ability to complete financial and information transactions, regardless of how much they invest in cybersecurity.
Just because this article mentions a major fraud involving the world’s largest online retailer in no way means that hackers have moved on from trying to hack small businesses. Small businesses face the majority of hacking attacks, mainly because they have the least amount of security to thwart. In fact, if Amazon can fall victim to phishing attacks, it’s not a stretch to believe that your company is susceptible. With millions of phishing messages sent every day, many of which target small businesses, having a strategy to educate your staff is extremely important.
The best way to go about doing that is to be proactive. Getting your staff to understand that they are on the front lines of a never-ending cyberwar and what they need to learn in order to keep themselves, and your organization free from the serious risks that come from falling victim of phishing attacks. Some things you can prioritize:
With these four tips you can go a long way toward protecting your business, and your staff, from the detrimental characteristics of a phishing attack.
If you need help with your organization’s cybersecurity, or if you simply want some help outlining a strategy to use, contact the IT professionals at Graemouse Technologies today at 253.777.0763.