If Your Amazon Password Is On This Website, Stop Using It Now
Amazon password attacks are surging
Getty Images
Amazon password attacks are now driving headlines, as hackers impersonate the retail giant with malicious messages to steal passwords and access accounts. “Scammers that attempt to impersonate Amazon put consumers at risk,” the company tells me.
But your account is even more at risk from attackers who may have acquired your password from a breach or infostealer campaign, or because it’s weak and easily broken. Given the surge in attacks, you need to address these risks right away.
As I have warned before, the latest Amazon lure is the promise of a refund for a recent purchase. It comes by way of a text message with a link “to request your refund.” Clicking through takes you to a fake sign-in window that steals your password.
The FTC and Better Business Bureau have both issued warnings. Amazon says it “will continue to invest in protecting consumers and educating the public on scam avoidance. We encourage consumers to report suspected scams to us so that we can protect their accounts and refer bad actors to law enforcement to help keep consumers safe.”
This latest attack highlights the insecurity of password access. If you have nothing but a username and password protecting your account, then your account is at risk. And if your password is weak, then your account is wide open to attack.
As ESET’s Jake Moore warns, “criminals have the ability to test stolen and common passwords across multiple sites at once and many people who reuse passwords will see their accounts compromised.”
Password dangers
CyberGhost
Two recent reports have shone a light on the most common passwords in use, providing good advice on what to avoid and how predictable we all can be.
NordPass publishes a list of the “most common passwords” and you can assume every hacker has this to hand. Meanwhile, CyberNews analyzed passwords in the “19 billion leaked passwords” breach. This wasn’t really a new breach despite the headlines, but it was a valuable collation of smaller breaches and infostealer troves.
But the website that’s even more telling is CyberGhost’s, with its “worst passwords in the last decade.” Spin through this guide to all things you shouldn’t do with passwords, whether it’s keyboard patterns, numbers, animal names, sports, cars or celebrities.
You really need to add a passkey and enable two-factor authentication on your account. Amazon is a prized target and doesn’t mandate 2FA, leaving a vast number of accounts protected by nothing but passwords. As CyberGhost warns: 81% of account breaches are caused by weak passwords, 60% of people use the same passwords across multiple accounts and unsurprisingly 90% of people worry about account compromises.
If you’re struggling to conjure up good passwords, then fortunately, as Moore suggests, “password managers are now easier than ever to use and they can generate strong, unique passwords and store them securely. Furthermore, when combined with multi-factor authentication, they offer a significant boost to account security.”
If you have nothing but a weak password in place, then you should worry.