Amazon Account HACKED: Here's how it's done!

I have a client how has recently had her Amazon account hacked. Here's how it was done:

The hacker was able to obtain her email address and password, likely from the Dark Web. I checked https://haveibeenpwned.com/ and found that she had been part of more than one data breach. The hacker then purchased her email and password, and was now able to log into her Yahoo email where he set up a forwarding email address. All her emails were now being forwarded to another email address that was owned by the hacker who was now able to read all her emails including notifications and verifications from Amazon. At that point the hacker was able to change her Amazon password and mailing address. He also created a filter so that any email with a subject line containing the word "Amazon" was automatically removed from her inbox. They purchased several expensive items and had them shipped to the new address and paid for by a stored credit card.

Upon discovering the unauthorized charges, she tried logging into her Amazon account to change the password. She first tried to retrieve her password via the Amazon site, but they require email verification. Because the hacker had set emails from Amazon to be removed from here inbox, she never got them. She called Amazon and they confirmed that they were sending her recovery email to her current email address. Because she was not getting the emails she was unable to recover or change her Amazon password and the purchases continued. It was only when she discovered that all her Amazon recovery emails were in her Archived folder that I got involved. I searched the web and found little info on this simple, but effective hack.

Note that just changing your Amazon and email passwords will not solve the problem. You must also remove the forwarding address from your account and delete the filter. I would also enable 2-factor authentication on both your email and Amazon accounts.