With cybercrime on the rise, security precautions are very important. Cautious individuals ensure their safety online by having 2FA, unique passwords, working only on protected computers, and spotting attacks in good time before the system is interfered with. However, is all this enough? Sadly, there is always that clever individual ahead of us and we get duped subtly.

Such crafty acts are intended to reveal private information and the deceiver on the other end manipulates your data. Most systems, however, have backdoor consumer support. This post focuses on my ordeal, and I will largely dwell on Amazon Customer Service.

I am a regular shopper at the online market giant. Wouldn’t you also feel safe if they have your personal information due to constant interaction? To top it off, I was among their many Software Developers in addition to using AWS extensively. The latter would cost at least $600 monthly. Then things started heading south.

I first received a seemingly harmless email from Amazon Customer Service. It wasn't unusual since it's common to get emails from them. But this one was rather weird. Apparently, they were thanking me for contacting their customer support. Had I written to them? No. I reasoned that maybe it was a late response after contacting them a few months earlier. Or it was just a mistake altogether. Such situations raise an eyebrow so I decided to get some clarification on the matter. I inquired from Amazon what the email was all about. To my shock, they said I had conversed with Amazon Customer Service. But how and when?

As their evidence, they sent a transcript. The conversation was between the customer service agent named Mahesh and another Eric Springer because that definitely wasn’t me. The guy was inquiring about the location for his latest shipment. Mahesh then requested contact information and that guy responded. I was fully convinced that wasn’t me as soon as I saw that email address. It wasn't mine! It was one that I used in a nearby hotel to access some services. Since it's in proximity to my residence, it matches my IP address. When one registers on such public domains, their information is easily accessed. That’s how private information is leaked.

The conversation continues with Mahesh asking if the ordered item is a Wacom Intuos Pen and Touch Small Tablet. After ‘Eric’ confirms it’s the one, Mahesh mentions the item is on the way to delivery. The imposter asks for the shipping address and Mahesh includes a link to the tracking location. Confidential details are also revealed. To sound like me, the attacker also asks for the balance on the gift card. There wasn't any money anyway. Who says, "Have a good rest of the night or day"? His grammar is as bad as his evil intentions.

That fake email from a WHOIS inquiry by the attacker was the window to all my details. And Amazon Customer Service didn't know! My phone number and address were exposed. That was terrible because he would get access to my essential services. The bank is the worst. Processing a new credit card would be easy-peasy for them, leaving me in peril.

Trying not to overreact, I contacted AWS and Amazon retail to express dissatisfaction on the matter. I told them that my account should have a note since it's at a high risk of being socially engineered. Amazon retail agreed to the note and said a specialist would get in touch. To date, no one has contacted me. As for AWS, they dismissed the idea that I was at risk. I am the one who is affected here, for crying out loud!

Choosing not to be overpowered by negativity, I update my details on Amazon. A few months later, another email pops up! Another customer service email. Oh no, this can't be happening again. Another imposter contacted Amazon on my behalf. The agent at the support desk just told me to change my password. But that's what I had done and it happened the second time. I had no choice but to admit contacting Amazon's support desk so that he'd give me the transcript. The fraudster used the email obtained from the last conversation. This time he wanted to get my credit card number. Fortunately, the agent declined. Amazon failed to put a note on my account or get a specialist to contact me, again! That was very frustrating. Consequently, I deleted my address from my account.

The third attempt just hit me to the core. As noted, it all begins with an email from customer service. In this case, they were informing me that I could view or print the invoice for my purchases with a link therein. What orders did I place? Wanting to get to the bottom of things, I contact Amazon, as I always do when all this happens. The execution of this crime had advanced in round three. The attacker had called Amazon, pretending to be me. So, I couldn’t get a transcript. Unfortunately, they didn’t record the conversation. Maybe they got the credit card number they were after.

If such incidents befell me once or twice and I got the needed protection, it would have been easy to let the issue lie low. But impersonation occurred thrice and the people I sought help from seemed less concerned. That leaves me with no other choice than to move from Amazon. Actually, account closure is underway. At least Google services seem to do better in data protection.

The bottom line

Online fraud is real. Even big companies grapple with its existence. Nonetheless, they should still guarantee security to their customers. I would recommend that agents should be trained on handling customer concerns only when the user is logged into their account. Additionally, they should be able to obtain IP addresses of those connecting to the service. Otherwise, imposters will continue to mess people up. If different emails are used for the connection of various activities online, customer protection is enhanced. Secured WHOIS domains also go a long way in avoiding attackers. These are bad experiences that I wouldn’t want anyone else to go through. Be cautious when using the internet. You don’t know who is after you.
