Verification or Phishing?

So… I just got this email today and I’m not sure if this is the recent neverending verification saga or a phishing attempt.

It is titled “Your Amazon.com Seller Account”, and it comes from “[email protected]”.

A little background to this,

  1. The INFORM Act thing is completed. No issues there.

  2. A box has been showing up on my Account Health page for months asking me to re-verify the emergency phone number.

  3. Before receiving this email, I’ve only re-verified the email address but not the phone number because the phone number we originally had on the account was a landline (company phone number). For verifications like this we used to be able to get the OTP from a robotic call but it seems like this time Amazon refuses to deal with anything other than an SMS to a mobile number. (Just as @Dreamscape-Studio described in this thread)

  4. It would be simple if we just used a mobile and were done with it, but things are also kinda complicated, so I just left the phone number un-re-verified(?) as it is for 2 months.

  5. Here comes the above email.

First of all, any domains other than @amazon.com look suspicious to me.
I clicked the “CONFIRM NOW” button, and it opened a reply window to “seller-performance @ usa-amazonservices .com” with the title “Your Seller Account: Action Required”, and the content states “I am ready to start the verification process.”

That’s when I felt uncomfortable going any further, so I just closed the window without sending the reply.

At the same time I am also worried that it is a legit email, which could only mean that Amazon is upset with me for not re-verifying the emergency phone number. So I finally caved in and reluctantly used a mobile number to verify the emergency contact in Seller Central, which was completed in minutes. (I accessed SC through my usual bookmark and did not click any links in the email other than the “CONFIRM NOW” button which automatically opened a reply window for me.)

Am I too suspicious or is it really a scam?
If it is indeed a phishing attempt, will I get into trouble because I clicked the “CONFIRM NOW” button, even though I have not sent the reply?

3 Likes

Just do this through your account. It is quick and easy (we had the same notification).

Yes … it would be simpler. This emergency number is to contact you if there is something critical happening with your account that Amazon wants to contact you about.

We also use a traditional landline with the account. Setting this up with your mobile only sets it up as the emergency contact number.

Again … we would do it through the account health notification and not via the email link (like how you did it through your account health).

5 Likes

That looks very phishy. Good instincts to close and go through a route you know is good.

That sort of depends on how clever they are. If the link was set up in a way that notified them that you clicked it, you could be flagged as a live target and they may keep trying.

I’m not blaming you, by the way, but I’m going to flag the post so a mod can come in and break the URLs in such a way that people don’t auto-open them, but it’s important that they’re still visible in a way people can read them for their own edification. [edit: oops, I left one myself.]

5 Likes

That email is indeed bogus and you were right not to answer it.
Your observation that only @Amazon.com is a legitimate domain is correct.
When in doubt, remember that (almost :rage:) anything official can be dealt with through your Amazon account, and Amazon will never require that you click a link in an email to resolve an issue.

Since all you did was click reply but never sent anything, you should be fine. However, I would make sure your 2FA is current, and changing your password doesn’t hurt.

5 Likes

That’s the situation I am in. I attempted to verify that phone, but nothing happens. So I assume they are attempting to text a landline phone.

When I have to get a code to sign in (not often – maybe every ten days or so) – the process works fine – landline rings, recording gives me my code.

So I have left it “unverified”.

4 Likes

While that’s generally true - and is certainly a good rule of thumb to follow, especially if one isn’t familiar with parsing Internet Headers to determine the legitimacy of an email message’s originating domain/sub-domain - it’s not invariably true.

Amazon does use a variety of legitimate domains, other than the TLD-hosted Amazon.com, as I pointed out several times in the OSFE - such as in this 100720 post to a 100620 thread on a similar subject (where some of the best and brightest among us were misled by a first-blush appearance of a phishing attempt, later confirmed to be unfounded by the FMT’s James_Amazon in a 100820 reply to that thread [link]):

https://sellercentral.amazon.com/seller-forums/discussions/t/8758475019edb5a246ed8d4cd99f3351?postId=ab1beea6b39268847ee91a2e75fad7b4

Much of the problem here stems from the Silo Manglement Management Model of Bureaucratic Administration favored by Amazon, and its devotion to outsourcing a variety of functions, and its failure to ensure that proper security protocols be followed in ALL situations by both internal teams & external providers.

For instance, Amazon’s preferred Third Party Survey Provider, Qualtrics, has been known to be tasked additionally with certain SIV (‘Amazonese’ for “Seller Identity Verification”) tasks - as have certain other providers and/or Global Teams - but it took years of complaining* before Amazon began including this ‘heads-up’ disclaimer for legitimate messages directing a SOA Account to engage offsite:


I’ve seen other instances of this email our friend @jml received posted over in the NSFE (& related discussion venues) in recent months, and @ the first blush I lean towards suspicion of a phishing attempt - but the only way I could be sure that it’s not simply another example of this or that Amazon Team dropping the ball by going out of the bounds of proper security practices would be to parse its Internet Headers, because that’s the only way (as any SysAdmin/Mail Administrator worth his/her salt will tell ya) that legitimacy can be confirmed, 100%.



Generally speaking, if one is not proficient in the techniques of parsing an e-mail message’s Internet Headers, our friend Marbles’ up-thread advice to utilize SIV functionalities available directly in Seller Central is likely to prove the best approach.




*

And, apparently, based upon conversations with SEAmod/Susan H. over those years, her intervention with TPTB in order to effect that change; there’s a reason why so many of us ascribed to the appellation coined for Susan by Rush & Deb a decade back - “Our Forum Angel” - and why so many of us mourn the loss of her participation, now that she’s ridden off into the sunset (link, SAS)

4 Likes

It is worth noting that the link in the Amazon forum post you referenced was a legitimate email, but not from any Amazon department related to sellers or their accounts, but rather from an Amazon marketing affiliate trying to conduct a survey and can therefore be freely ignored.

I should have spoken more precisely: Only a @amazon.com domain will be used for any account, performance, or other meaningful communication from Amazon, and any other domain can be safely ignored as spam or frippery without risk of harm.

4 Likes
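The two points made above, that only the Internet Headers settle where a message really came from and that only an @amazon.com sender carries account mail, can be checked mechanically. This is an added example in Python, not code from the thread or from Amazon; it assumes the receiving mail system stamps an Authentication-Results header, and both header sets are constructed to resemble the message discussed here, not real messages. Note that SPF and DKIM passing for the lookalike domain proves only that the attacker controls that domain; the verdict turns on the From domain itself.

```python
import email
from email import policy
from email.utils import parseaddr
# Constructed header sets (not real messages). The first mimics the lookalike sender
# discussed in the thread; the second is what a genuine @amazon.com notice would show.
PHISH_SAMPLE = """\
Return-Path: <bounce@usa-amazonservices.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=usa-amazonservices.com; dkim=pass header.d=usa-amazonservices.com; dmarc=none
From: Amazon Seller Performance <seller-performance@usa-amazonservices.com>
Subject: Your Amazon.com Seller Account
"""
LEGIT_SAMPLE = """\
Return-Path: <bounce@amazon.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=amazon.com; dkim=pass header.d=amazon.com; dmarc=pass
From: Amazon Seller Performance <seller-performance@amazon.com>
Subject: Your Amazon.com Seller Account
"""
LEGIT_DOMAINS = {"amazon.com"}  # the thread's rule: only this domain carries account mail

def domain_of(header_value):
    """Bare lowercase domain of the first address in a header, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def parse_auth_results(value):
    """Map method -> result from an Authentication-Results header (RFC 8601 shape)."""
    results = {}
    for clause in str(value).split(";")[1:]:  # element [0] is the authserv-id
        tokens = clause.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            results[method.lower()] = result.lower()
    return results

def assess(raw):
    """Return the From domain, the authentication results and a list of findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    findings = []
    if from_dom not in LEGIT_DOMAINS:
        findings.append(f"From domain {from_dom!r} is not an expected sender domain")
        if "amazon" in from_dom:
            findings.append("lookalike domain: carries the brand name but is not amazon.com")
    if msg["Return-Path"] and domain_of(msg["Return-Path"]) != from_dom:
        findings.append("Return-Path domain differs from From domain")
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            findings.append(f"{method} did not pass ({auth.get(method, 'absent')})")
    return {"from_domain": from_dom, "auth": auth, "findings": findings,
            "verdict": "suspicious" if findings else "headers consistent"}
```

Feed it the raw source of a message (most mail clients offer "show original" or "view source") rather than the rendered view, since the rendered From name is exactly what a lookalike sender controls.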

A case I think @ least somewhat in point:

In Point # 2 of that 7Oct`20 OSFE post, I mentioned the long-standing habit of the GST’s (‘Amazonese’ for “Global Selling Team”) lead division (@ least, @ that time), Amazon Seller Services India Pvt. Ltd., in failing to observe the fundamental ‘niceties’ of crucial details.

My best guess is that most all of us who’ve been around the block a time or two in Sailing The River are undoubtedly well aware that this is certainly not a new phenomenon - but for my own part I must say that I remain dismayed that Amazon’s laxness never fails to astound.

It’s been more than a few years since I’ve seen an e-mail message - from ANY Platform, Provider, or other entity, sales-oriented or Service-oriented - for which the crafter(s) failed to rework the Cicero-/Letraset-derived placeholder “Lorem ipsum” of a template with more-meaningful text, or simply suppress it as unused - but this befuddled practice hasn’t died out in Amazon’s far-flung infrastructure; our Marketing Department just forwarded an e-mail from the Sponsored Brands Team exhibiting exactly that (n.b. that this example is both truncated & revised from the more-commonly seen text used in a variety of digital communication templates):


Sadly, I remain convinced that #IdiocracyIsComing - and that the heedless & headlong rush to embrace generative/LLM AI technology is a clear and present danger to human civilization.

Handbaskets Abound.



*

The “Launch a new Campaign” ‘button’ @ the bottom of this message’s quote is a Web Element embedded with a URL link to Campaign Manager; I redacted that in order to prevent driving traffic - or spiders, whether they be Amazon-deployed, Bad Actor-deployed, whosoever- & wherever-deployed…

2 Likes

Oh for goodness sake.
These people are clowns.

2 Likes

Got this same email today for the account I recently closed. I should have remembered that it was a fake from reading this thread…

I did click on the link but TotalDefence blocked it thankfully.

THEN I looked at the sender address which was [email protected]

Interestingly missing the “S” in services that yours had.

Guess they created a new email addy bc the other was shut down??? IDK

3 Likes

@ASV_Vites I edited your post to make your link not-alive but also thank you for letting us know the evolution of trickery here.

4 Likes