1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Hi Guest, welcome to the TES Community!

    Connect with like-minded education professionals and have your say on the issues that matter to you.

    Don't forget to look at the how to guide.

    Dismiss Notice

Amazon Security Issues

Discussion in 'Personal' started by Oscillatingass, Sep 10, 2019.

  1. Oscillatingass

    Oscillatingass Star commenter

    My Amazon account has been hacked twice in the space of seven weeks. First time £120 worth of gift cards and software were purchased by the thief using my debit card details. The loss was refunded by my bank and I found Amazon Customer service to be distinctly unhelpful. Following the first "attack" I changed the password and email address associated with my Amazon account and rather than trusting them with my replacement debit card information, I simply uploaded £15 worth of credit into my account from an Amazon gift card I purchased from a supermarket. I downloaded a Kindle book valued at £4 and 24 hours later a hacker had spent £10 of the remaining credit on an Xbox software download.
    Now obviously because I have not provided card details there is a limit to the damage that can be done but it is extremely disconcerting. Clearly, if I wish to purchase anything from Amazon I need to do it as soon as I upload credit because otherwise the hacker will spend my money before I do. I was just wondering if anyone else out there has experienced any such issues with Amazon?
     
  2. Rott Weiler

    Rott Weiler Star commenter Forum guide

    We use Amazon and I know a lot of other avid amazon users and none of us have ever had anything like this happen to us. The only data breach at Amazon I recall was one in the US of email addresses last year, not credit card data. I don't really follow this stuff much but I get the impression Amazon security is pretty good.

    As you changed both email address and password and were hacked again almost immediately I wonder if the hackers are stealing your information from somewhere else, not Amazon? Have you done though security checks on your own computer? Could have malware or a keyboard logger have infected it and that's how they are stealing your login?
     
  3. Oscillatingass

    Oscillatingass Star commenter

    Thanks for your reply, Rott Weiler. I am open to any suggestions regarding this. If it was a case of key logging or Malware surely there would be other attacks but it is only Amazon. I use Ebay without problems and have purchased goods from other on line retailers problem free. Indeed, I feel I have no choice but to do so since I cannot trust Amazon. I have run Malwarebytes on my laptop and found no issues. I have the OTP two part verification enabled with Amazon but the thief seems to get round this with ease. My £15 credit resided happily in the Amazon account for around two weeks and it was only when the Kindle download was purchased that the attack occurred less than 24 hours later, dunno if this is significant. The only reason I have not cancelled the whole thing is the link to my Kindle. The thing is rendered useless without an Amazon account.
     
  4. Rott Weiler

    Rott Weiler Star commenter Forum guide

    Good point. Sorry, I don't have any other suggestions. Hopefully someone much more techie than me will have some ideas to post.

    Would setting up Amazon 2-step verification help?
     
  5. sbkrobson

    sbkrobson Star commenter

    Those who use your credentials fraudulently in the way you have experienced will typically start out small. The hope is that you wont notice. Why, if they have your details, will they only spend £10 worth of credit? If the route they have used is still available, they might then repeat their actions but maybe on a larger scale and with more frequency.
    If key logging is the issue, then this way of operating is the most useful, because you remain undetected for longer.
    This,I have on discussion with my own bank a while ago.
    So your reasoning about not experiencing other attacks is not necessarily informative in the way you'd think.

    If it is of any interest, my own credentials were "stolen" a year or so ago, and it was traced back to the point of using the Radio Times gift shop for a family Christmas purchase. Who'd have thought.
     
    Last edited: Sep 10, 2019
    agathamorse likes this.
  6. Oscillatingass

    Oscillatingass Star commenter

    I have already enabled the OTP 2-step verification to no useful effect since the hacker seems to by pass it with impunity.
     
  7. Rott Weiler

    Rott Weiler Star commenter Forum guide

    The only person I know who had problems of this sort (not with Amazon specifically) had been the victim of SIM card fraud. The fraudsters had gained control of her mobile number.
     
    agathamorse likes this.
  8. Oscillatingass

    Oscillatingass Star commenter

    Many thanks for your response, sbkrobson. Because I no longer trust Amazon with my Debit Card number the thief can only steal whatever credit amount I upload into my account using a gift card. Thus my £15 account balance was reduced to £11 when I bought the Kindle book. The thief then spent ten of the remaining eleven pound balance. I only wish Amazon were more proactive in tracing the method the thief uses but they are worse than useless. The theft occurred on Saturday afternoon and I reported it immediately. I was told the "Accounts Team" would get back to me regarding the issue wityhin 24 hours: no they didn't so I phoned again on Sunday and was given the same promise but of course 24 hours elapsed with no communication from them. I phoned again and was given many apologies and a promise I would have my money restored within 48 hours. I am not expecting anything. It is not so much the money, I can control that it but it is the idea someone can access my account with such impunity.
     
  9. Oscillatingass

    Oscillatingass Star commenter

    Interesting, not to mention very worrying. How does a SIM card fraud work?
     
  10. Rott Weiler

    Rott Weiler Star commenter Forum guide

    https://en.wikipedia.org/wiki/SIM_swap_scam

    https://www.bbc.co.uk/news/business-46047714





    In the case I know of the person found their mobile wasn't working one day. It turned out the fraudsters had ported her number to another operator and then had control of her incoming 2-step verification codes. They used them to steal over £30k from her bank accounts (fortunately bank reimbursed!).

    According to my bank this is very common and the security weakness is with mobile phone companies who allow the mobile number to be transferred without making adequate security checks. Banks aren't happy as they end up footing the bill.

    Whether this could be the case for you I rather doubt, especially if your phone is working OK, but thought it worth mentioning. As SIM card frauds get found out quite quickly the fraudsters normally go for big sums of money, they don't mess around with £10 frauds.
     
    Last edited: Sep 10, 2019
    agathamorse likes this.
  11. Oscillatingass

    Oscillatingass Star commenter

    Ok thanks for that. Yes, as long as I only upload small amounts into my Gift Card balance and spend it as quickly as possible, the hacker wont be able to gain anything. It is just a pity I can no longer trust Amazon.
     
  12. colpee

    colpee Star commenter

    Your new password and speed of compromise must mean something:

    How/where do you keep it?
    Does your browser log you straight in?
    Has anyone got access to your details?
    Did you use any email link confirmation to confirm your new details?
     
  13. Doitforfree

    Doitforfree Star commenter

    I never did!
     
  14. blue451

    blue451 Senior commenter

    I haven't had such problem but I like the idea of using a gift card rather than them having my debit card numbers.

    Am on it.
     
    Oscillatingass likes this.
  15. lilachardy

    lilachardy Star commenter

    If they are ordering goods from your account, can you not see their address?
     
    colpee likes this.
  16. colpee

    colpee Star commenter

    Our children use gift cards to buy their x-box games from the Microsoft store - no bank cards get near that!
     
  17. MrMedia

    MrMedia Star commenter

    Does sound quite suspicious. The answer will be tough to find. I’d be inclined to set up a new amazon account with a new email address dedicated to the amazon account and reconnect the kindle to the new account. I’d also do a clean install on my pc or laptop.
     
    Lara mfl 05 likes this.
  18. Oscillatingass

    Oscillatingass Star commenter

    No I cannot. I receive an email containing a link to download the software the thief has purchased avoiding the two part verification process. The hacker has thus far only purchased software and gift cards all of which can be received by email. My home address has not been changed by the hacker and remains as I set it up.
     
  19. Oscillatingass

    Oscillatingass Star commenter

    Yes that is the beauty of uploading gift cards which can be purchased for varying prices at Tesco, Sainsbury and other outlets.
     
  20. Oscillatingass

    Oscillatingass Star commenter

    1.I don't keep my password anywhere but in my head and only use it when I need to type it in in order to open my account.
    2.Yes my browser does log me straight in but I cant buy anything or look at anything inside my account until I supply my password and supply the verification code Amazon send to me.
    3. No one has access to my details apart from myself and Amazon
    4.You have to use a link provided by Amazon in order to verify your new password.
     

Share This Page