Amazon customer service backdoor

As a security-conscious user who follows best practices like the use of unique passwords, 2FA, only using a secure computer and being able to spot phishing attacks from a mile away, I might have thought my accounts and details would be pretty secure? Incorrect.

Because when someone has gone after me, it all goes for nothing. That’s because most systems come with a backdoor: customer support. In this post I’m going to focus on the most grievous offender: Amazon.com.

Amazon.com was one of the few companies I trusted with my personal data. After all, I shop there, I used to work as a software developer and I’m a heavy AWS user (racking up well over $600/month).

At first, I thought it might be a mistake or a delayed email from the time I contacted them months earlier. However, curiosity got the better of me, and I contacted Amazon customer service to ask what it was about. They told me that “I” had a conversation with Amazon support? What the hell? It was a text chat, and they emailed me a transcript.

Let me just stop right there, so I can point out that that address isn’t mine. It’s just a fake address of a hotel that was in the same zip code where I lived. I used it to register a few domain names, knowing that whois information all too often becomes public. I used the same general area as I lived in, so that my IP address would match up with it.

Wow. Just wow. The attacker gave Amazon my fake information from a whois query, and got my real address and phone number in exchange. Now they had enough to bounce around a few services, even convincing my bank to issue them a new copy of my credit card.

Trying very hard not to take out my frustrations on an unrelated support rep, I contacted both Amazon customer service lines, retail and AWS, expressing my disappointment and asking them to put a note on my account that it is at extremely high risk of being socially engineered, and that I will always be able to log in. Amazon retail said they would put a note on it, and have a specialist contact me (who never did), while AWS was dismissive of even a risk existing.

Fast forward a couple of months. I made the big mistake of thinking the threat was gone, giving Amazon my new credit card and now new address details. I receive another email. I feel a pit in my stomach.

So once again, I contact Amazon customer service support to see what happened. This time I had the pleasure of dealing with a support agent who seemed 100% incapable of understanding that someone was impersonating me. I had trouble keeping my composure when he told me I should change my password to prevent people impersonating me. Finally I had to basically tell him that it was “me” that contacted support and I wanted “my” transcript, which he provided.