That replacement Kindle is on its way, whether you ordered it or not.
Scamming Amazon’s customer support is apparently not very difficult.
Self-proclaimed Web technologist and teacher Scott Hanselman took to his blog to recount the tale of how some random stranger almost scammed Amazon by using social engineering.
For the unfamiliar, social engineering is a type of security breach in which an individual manipulates someone else into divulging personal and confidential information.
On Monday, Hanselman received an email from an Amazon customer service representative notifying him that a replacement Kindle was on its way. One problem though: He never asked for a replacement e-reader.
Hanselman contacted the company’s customer support to get to the heart of the matter. A conversation with a very helpful representative revealed that someone had pretended to be him on Amazon’s live chat system and had successfully requested a replacement device after reporting a malfunction. On top of that, the scammer was also able to have the Kindle sent to a completely different address.
All of this was accomplished without Amazon verifying the scammer’s identity. The only pieces of information they asked of that person were Hanselman’s name, physical address, and email address.
In the end, Amazon’s fraud team was notified and the order was canceled. Hanselman tried to get the chat transcript from the company but was unsuccessful. It didn’t matter, though. The issue was resolved. Or so he thought.
The following morning, he got another confirmation email from Amazon notifying him that the package was on its way.
“I call Amazon again and re-explain what’s up,” he writes. “I ask for the chat transcripts again but they won’t send them.”
“Simultaneous to this phone call I email Amazon Customer Support and ask for the chat transcripts (via email, just to be clear) and the chat transcripts show up quickly in my inbox. Doh.”
The chat log (which Hanselman republished on his blog) is replete with clues that suggest it’s not Hanselman who’s requesting the Kindle. For example, the impostor claims that he or she doesn’t have the order number on hand despite sitting in front of a computer.
It also revealed the fraudster’s address, which contained a strange numeric code that connected it to a global shipping logistics company. Or as Hanselman explains:
“An address with a number after it allows folks to have a package mailed to them in the US, then the package is transparently forwarded overseas. This number points to an account they have with a post office in a country in Southeast Asia. They received packages from all over, consolidate them, then ship them on masse [sic]. This allows governments and companies (and apparently bad guys) to order stuff from companies inside the US, then pay the international shipping and tariffs as a large shipment when it’s sent overseas.”
Hanselman is not alone. As we wrote about in December 2012, the exact same thing happened to Chris Cardinal.
“I love that (Amazon’s) policy is whatever makes the customer happy,” he told us.
“Nearly-no-questions-asked replacement orders are fantastic when there’s a legitimate problem, and it’s something they have to know is abused but they’re chalking up to the cost of doing business. But the scammer isn’t the customer, and if I need to make a legitimate claim that an order wasn’t received, I run a significant risk of getting blowback from Amazon because of history on my account.”
As Hanselman notes, unless the company changes its security policies, incidents like these will only keep happening.
The Daily Dot reached out to Amazon, but a representative for the online retailer has yet to respond.
Fidel Martinez is a web culture and politics reporter. His work for the Daily Dot focused on Reddit and YouTube.