My Amazon account was hacked again through my Cox email. This is the 4th time it has happened over the past few years. I have 2 factor authentication set up with Amazon but they bypass that & click ...
This doesn't sound right. If you've changed your email account numerous times on Amazon, what are the odds somebody can navigate to those pages (Cox, Yahoo, Gmail, etc)...on their browser, mind you...and crack those passwords? I suppose they could access all accounts if you're using the same email address and/or phone number as your recovery methods but if you've changed that password as well, the odds are still astronomical.
Passwords aside, if you're using the Amazon Two-Step Verification, those codes are either locally generated (app) or locally accessible (SMS). Meaning, nobody can see those codes unless they have access to your "primary mobile device." If they don't have access to your primary device, they'd need access to your mandatory back-up device to either see or hear your unique security codes.
It doesn't sound like somebody has access to your Cox account, but somebody has access to your device(s). As BSD noted, something or someone has either infected your network or has access to your devices.
However, if you're using the Amazon Alternate Sign-In for Two-Step Verification, this could be causing your mystery. What is your first suspicion somebody has changed your password on Amazon; is it an error message after submitting your password? If so and you're using the Alternate verification, that's normal because your password will change every time.
Alternate Sign In for Two-Step Verification
[Step] 4. Add the security code to the end of your account password on the device or app you are attempting to register and submit again. For example, if your password is "abcdef" and the security code you receive is "12345", then enter "abcdef12345" in the password field. You will then be signed into your Amazon account.
If you're using the normal 2-step method, you can skip the security code verification by checking the option for Do Not Require Codes on This Browser. This option needs cookies but if you're clearing cookies, you could be suspicious because Amazon will force you to re-verify again.
If you're not opting to bypass codes or not clearing cookies, you'll need to review your account in Amazon for any unknown "trusted" access and then either untrust, deverify, deauthorize, deregister those devices. If it keeps reappearing, you'll need to contact Amazon to investigate.
You didn't mention if the hacker is actually ordering stuff on Amazon. Are they? If so, where are they sending the packages?
If you...or somebody...clicks Forgot Password on Cox, what do you have to do? Do you have to answer a secret question? If so, change your secret questions and answers.
However, if the somebody knows you well, they could be easily answering your questions. If so, provide bogus answers you'd only know. For example, if Cox asks, "What's the name of your childhood pet?"...use the name of a pet belonging to someone else that you'd uniquely know.
Cox provides an option to reset your question-answer if you've forgotten the answer. However, that could be a flaw if an unauthorized user knows everything about your account, such as account number, PIN, last-4, secret answers, etc. I'm not sure how Cox has you verify this, such as either online or only via telephone.
Is the password for your Cox user account different from Cox webmail? I know there are two different links but if you change the password on your user account, does it affect your webmail account? If not, then change the password to your user account.