Email from Amazon to register in webinar asking for Merchant token. Is it safe?

Countries

Read only
Australia
Belgium
Brazil
Canada
Egypt
France
Germany
India
Italy
Japan
Mexico
Netherlands
Poland
Saudi Arabia
Singapore
Spain
Sweden
Turkey
United Arab Emirates
United Kingdom
United States
United Kingdom
imgSign in
Country changed
user profile
Seller_B7ySYNiwjiQ1Q

Email from Amazon to register in webinar asking for Merchant token. Is it safe?

Hi ,
I received Email from Amazon to register in webinar (training related) and its asking for Merchant token. Is it safe to give? email is from Amazon Seller Services noreply@sell.amazon.com.
Thanks

76 views
6 replies
Tags:Registration
00
Reply
6 replies
user profile
Seller_KKcTTZzy6Jd6Q

Most one-of webinar announcements get posted here: https://sellercentral.amazon.co.uk/gp/headlines.html
emails usually go out first and then they get posted on the news board shortly before the date they’re due to be held.
A handful are only advertised via email.
There are also recurring training ones here: https://services.amazon.co.uk/resources/events-webinars.html

As you said it’s a training webinar I’m assuming the email had that 2nd link in it? That page doesn’t link up with seller central so asking for your merchant token kinda makes sense.

But on a separate note:
You can’t trust the “from” field of an email, it displays what the sender chooses, not the email address it actually came from. The only email we’ve ever received from noreply@sell.amazon.com actually came from a-really-long-series-of-seemingly-random-characters@amazonses.com (which appears to be one of Amazon’s internal mail servers, so it makes sense to display a more user-friendly return address)

00
user profile
Seller_B7ySYNiwjiQ1Q

Thank you for the quick response. yes it makes sense to go via direct link. thanks again

00
user profile
Seller_DethyO9x7Padj

I just found this post/topic because I got suspicous when the seminar form asked for my Merchant token.

In my mind that is a huge red flag.

Never give out any such information unless it is for some kind of integration service that you have initiated yourself and trust 100%.

It could easily be a man-in-the-middle that have scraped the proper seminar information, stealing your token, and then adding you to the seminar making it very hard to notice that your credentials are now stolen.

00
Follow this discussion to be notified of new activity