Viewing 16 posts - 1 through 16 (of 16 total)
  • Weird Amazon Account Hack
  • nobbingsford
    Full Member

    Looks like my Amazon account has been hacked. Got an email yesterday telling me that the email address on the account had been changed. This comes only a few days after the same thing happened during the week by the way.

    Reported to Amazon straight away obviously.

    Here’s the weird bit: the hacker has placed an order comprising 7 random items, which has dispatched. They are all weirdly cheap at 50p each – like an action cam. Total order value £3.50
    All items from same (new) seller. Delivery address is mine.

    Why do this?

    I’m assuming it’s the seller?

    But they must know I’d notice as Amazon notifies me of the email address change.

    And why bother with 7 items? Why not just one?

    I’m assuming nothing will actually be delivered but just baffled by the whole thing.

    Also – how the hell did they get in? I changed my password as soon as the account was restored following the previous hack during the week.

    mikewsmith
    Free Member

    Here’s the weird bit: the hacker has placed an order comprising 7 random items, which has dispatched. They are all weirdly cheap at 50p each – like an action cam. Total order value £3.50
    All items from same (new) seller. Delivery address is mine.

    test purchases?

    But they must know I’d notice as Amazon notifies me of the email address change.

    That bit is a numbers game, not everybody notices, especially when you have things like gmail filtering so stuff goes to an update mailbox not your front page or you just don’t read everything – plenty will not.

    Also – how the hell did they get in? I changed my password as soon as the account was restored following the previous hack during the week.

    How secure is your password? How up to date is your security? Which device did you change the password on?

    nobbingsford
    Full Member

    How secure is your password? How up to date is your security? Which device did you change the password?

    After the first hack during last week I used a random password generator to create new passwords for all of my online accounts. All 8 characters and a mix of random upper case, lower case and numbers. Changes made on my new Windows 10 laptop.

    Test purchases?

    I get the test purchases bit, but why bother adding 7 different items into a single order when 1 would do? And the seller (my prime suspect!) has gone to the bother of pricing those items low specifically to include them into a low overall order value.

    Just all seems an unnecessary faff for the hacker.

    Cougar
    Full Member

    Was the first email a phishing scam?

    DickBarton
    Full Member

    Are they looking to improve their seller score? Hack accounts, order stuff then heap praise on a fantastic service?

    johnners
    Free Member

    After the first hack during last week I used a random password generator to create new passwords for all of my online accounts. All 8 characters and a mix of random upper case, lower case and numbers.

    I’d treat 8 characters as a bare minimum. Use a password manager to let you handle longer ones without too much trouble. Amazon supports basic 2FA, so use it. Unfortunately it texts you the code but it’s still better than nothing. BTW, if anyone knows how to switch off Amazon txts I’d love to hear it.

    Greybeard
    Free Member

    As Cougar; could the first email have been a scam? They drop some malware on your PC and tell you the account is hacked, so you change the password and their malware tells them the new one. If you still have the first email check the hidden headers and see who it was really from.
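
Added example, not part of Greybeard's post or of the thread: one way to do the header check suggested above, comparing the visible From domain with Return-Path, Reply-To and the receiving server's Authentication-Results. The sample message is constructed and every domain in it except the claimed brand is a placeholder; the function names are made up for this sketch.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample, not a real message; every domain except the claimed
# brand in From is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=amazon.co.uk
From: "Amazon Security" <account-update@amazon.co.uk>
Reply-To: support@account-help.example.org
Subject: Your account email address has been changed

Please sign in to review this change.
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Same domain or a subdomain of it (crude: no public-suffix list)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc results from Authentication-Results headers."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        for part in str(value).split(";")[1:]:
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest.split():
                out.setdefault(method, rest.split()[0].lower())
    return out

def check_headers(raw):
    """Return a list of reasons the visible From may not be the real sender."""
    msg = email.message_from_string(raw, policy=policy.default)
    shown = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not aligned(dom, shown):
            findings.append(f"{name} domain {dom} differs from From domain {shown}")
    for method, result in sorted(auth_verdicts(msg).items()):
        if result != "pass":
            findings.append(f"{method}={result}")
    return findings
```

Only the Authentication-Results header added by your own mail provider can be trusted; any copy already present when the message arrived could have been written by the sender. Save the message as raw source ("show original" or similar in most mail clients) and pass that text to `check_headers`.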

    northernsoul
    Full Member

    Do you use your Amazon account on any other devices (e.g. smart TV) that could have been compromised?

    Drac
    Full Member

    Yup £10 says the first one was fake. I get them at least once a week to emails not even associated with Amazon. They say my password needs updated, my account is compromised or I’ve been charged £180 for Prime.

    johnnystorm
    Full Member

    A month or two ago my account was compromised and a load of stuff was bought and my password changed so I couldn’t get in. Luckily my daughter’s Kindle fire kids is linked to my account so I got all the order notifications through it which alerted me. Sorted it with Amazon who refunded everything. Neither Music Magpie, Royal Mail nor the Met were bothered in stopping the delivery of an iPhone however.

    Back to the OP’s query on why do a load of daft little purchases. Yesterday I received a bunch of spoof emails “from Amazon” asking for my new card details so they could refund the fraudulent purchases. Presumably that’s when they go to town on the spending elsewhere.

    I have the address of where the fraudulent purchases were sent, just waiting on my bombers to come back from a service.

    shinton
    Free Member

    @johnners you can use apps like Google Authenticator instead of text for 2 factor authentication. Just go into your security settings and you switch it on via the same page as the text verification.

    garage-dweller
    Full Member

    My mum told me moment…

    Something in Which? (Or similar thing) this week/month called it Brashing (iirc).

    If I understood the explanation right…

    Hack your account (and a bunch of others)
    “You” order some products from a new seller
    The products are of course the awesomes and “you” leave a brilliant review
    The seller now has some (not so) legitimate (looking) feedback for their dodgy wares
    Seller can now rip off people at full RRP

    The prices are low I think so you may not notice them for longer.

    I think that’s the gist of it but may not be totally technically accurate

    ross980
    Free Member

    My Amazon account got hacked last year, my address was changed to a flat in New York and somebody changed the payment method to a (probably stolen) credit card. I changed it back before there were any orders and reported it.
    I’ve now got 2 stage verification on my account so the only way to log in is to also have access to my mobile for the code they text through (you can nominate ‘safe’ devices so it’s not actually a PITA to do). I’ve got the same thing on PayPal as a precaution after my OH’s PayPal account was hacked

    In summary, get the two stage verification set up as Amazon seems extremely lax when it comes to security (‘one click’ purchase anyone?)

    Flaperon
    Full Member

    Can I offer a word of caution against two factor authentication? Firstly, it doesn’t work if someone also has access to your phone or another SIM with your number on it, but mainly because if you lose your phone number you’re totally buggered.

    Screwed up the PAC thing when moving from EE and I’ve basically had no access to anything I’ve got 2FA for. Unfortunately Gmail is also secured with 2FA so password resets for everything else failed…

    Turns out you can download a list of emergency backup codes for Google and print them out. I really recommend doing this.

    johnners
    Free Member

    @johnners you can use apps like Google Authenticator instead of text for 2 factor authentication. Just go into your security settings and you switch it on via the same page as the text verification.

    Thanks, but I want to switch off texts and can’t see a way to do that. It always has text as “preferred method” so I get a text as well even if I do use Authenticator.

    Turns out you can download a list of emergency backup codes for Google and print them out. I really recommend doing this.

    Yes, plus set up an additional means of identification (like Yubikey or Authenticator) and maybe a backup phone number, all of which Google supports. For an ordinary user nothing should be better protected than your main email account but you need to ensure that you’ll be able to access it!

    nobbingsford
    Full Member

    Well, got it all sorted with Amazon yesterday.

    I asked them to close my account, as I was concerned about it happening again.

    I’ve set up a new account using a new email address. I’ve also opted for the two factor authentication which I’m doing using the Microsoft authenticator app.

    Fingers crossed that’ll be the end of it.

    Still need to claim my £3.50 back from my credit card though…

The topic ‘Weird Amazon Account Hack’ is closed to new replies.