That replacement Kindle is on its way, whether you ordered it or not.
Scamming Amazon’s customer support is apparently not very difficult.
Self-proclaimed Web technologist and teacher Scott Hanselman took to his blog to recount the tale of how some random stranger almost scammed Amazon by using social engineering.
For the unfamiliar, social engineering is a type of security breach in which an individual manipulates someone else into divulging personal and confidential information.
On Monday, Hanselman received an email from an Amazon customer service representative notifying him that a replacement Kindle was on its way. One problem though: He never asked for a replacement e-reader.
Hanselman contacted the company’s customer support to get to the heart of the matter. A conversation with a very helpful representative revealed that someone had pretended to be him on Amazon’s live chat system and had successfully requested a replacement device after reporting a malfunction. On top of that, the scammer was also able to have the Kindle sent to a completely different address.
All of this was accomplished without Amazon verifying the scammer’s identity. The only pieces of information they asked of that person were Hanselman’s name, physical address, and email address.
In the end, Amazon’s fraud team was notified and the order was canceled. Hanselman tried to get the chat transcript from the company but was unsuccessful. It didn’t matter, though. The issue was resolved. Or so he thought.
The following morning, he got another confirmation email from Amazon notifying him that the package was on its way.
“I call Amazon again and re-explain what’s up,” he writes. “I ask for the chat transcripts again but they won’t send them.”
“Simultaneous to this phone call I email Amazon Customer Support and ask for the chat transcripts (via email, just to be clear) and the chat transcripts show up quickly in my inbox. Doh.”
The chat log (which Hanselman republished on his blog) is replete with clues that suggest it’s not Hanselman who’s requesting the Kindle. For example, the impostor claims that he or she doesn’t have the order number on hand despite sitting in front of a computer.
It also revealed the fraudster’s address, which contained a strange numeric code that connected it to a global shipping logistics company. Or as Hanselman explains:
“An address with a number after it allows folks to have a package mailed to them in the US, then the package is transparently forwarded overseas. This number points to an account they have with a post office in a country in Southeast Asia. They received packages from all over, consolidate them, then ship them on masse [sic]. This allows governments and companies (and apparently bad guys) to order stuff from companies inside the US, then pay the international shipping and tariffs as a large shipment when it’s sent overseas.”
Hanselman is not alone. As we wrote about in December 2012, the exact same thing happened to Chris Cardinal.
“I love that (Amazon’s) policy is whatever makes the customer happy,” he told us.
“Nearly-no-questions-asked replacement orders are fantastic when there’s a legitimate problem, and it’s something they have to know is abused but they’re chalking up to the cost of doing business. But the scammer isn’t the customer, and if I need to make a legitimate claim that an order wasn’t received, I run a significant risk of getting blowback from Amazon because of history on my account.”
As Hanselman notes, unless the company changes its security policies, incidents like these will only keep happening.
The Daily Dot reached out to Amazon, but a representative for the online retailer has yet to respond.
Photo via texqas/Flickr
Fidel Martinez is a web culture and politics reporter. His work for the Daily Dot focused on Reddit and YouTube.