Army Rumour Service

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Amazon account hacked.

Ritch

LE
Amazon Prime is a bugger for trapping you, even when you set the 'cancel' in motion, they make moves on you.... check that you really are not on Amazon Prime.

Yep, not on it. Bank account is fine, no purchases either. I just don't understand this text I get probably once a week.
 
Also, make sure you 'sign out' when done. Some devices remember your details and when you open the site, you are still logged in.

What Daxx said - log out after you make the transaction.

We have had several customers order stuff from our website online using mobile phone apps. They then find that they have paid twice. We checked with the company that runs the transaction process for our on line sales and they have said that there is a problem with some phone and tablet apps which stays logged on UNLESS you actually log out of the relevant web page or close down the browser. If you do not log outor close the browser and subsequently go back to the web page then the app recognises the transaction as being in process (ie not completed) and procedes to complete it by making another payment.

Apparently the problem lies with the phone apps and not the payment systems but the phone companies apparently don't want to do anything about it...

If you do use your phone or tablet to order on line then do as Daxx suggests and log off or close down the web browser before doing anyhting else...
 
Just done that.
Thankfully mines OK.
My oldest email (>20 Years old & now just used for signing up to junk stuff where I have to put an email in) has been in 10 breaches.
 
I would put your email address into https://haveibeenpwned.com - it's a legitimate service that will tell you if your email address has been leaked in published breaches of security.

Then change any account where you use the same email / password combo.
Good suggestion.

I also use this site to test password strength - enter an approximation of your password (i never use my exact one - change a figure or letter) - and it will tell you how long an IT attack would take to breach your password. It is also a legitimate site:

 

Fang_Farrier

LE
Kit Reviewer
Book Reviewer
Contacting Amazon is reasonably quick (especially considering I was an hour on hold to a bank the other day)

Amazon call centre, hello can I help

FF. Someone has hacked our account and somehow changed the email address.

Amazon. Are you sure?

FF. Yes, various devices have been logged off asking to be registered, we can't access the account although from our bank we know that there have been some low level purchases. Your log in page and reset password both say that they don't recognise the email address.

Amazon, what is email

FF. Says email

Amazon. I'm sorry we don't have an account under that name.

FF, I know, someone has hacked our account and somehow changed the email address

Amazon, and what is email?

And at this point it goes round and round in circles.
 

FrosteeMARIA

LE
Gallery Guru
Had a similar situation a while back - my own fault for using a very old email address and hadn't updated the password for more than ten years..... Amazon were very good though - account reinstated within the hour and all ebooks and outstanding genuine orders were still there. They (scammers) had tried to order a Nintendo Switch and a few games, so could have been quite expensive. Interesting though that I managed to obtain the fake "delivery" address and a few other details and passed all this info on to Action Fraud (as recommended by Amazon CS) but they have done bugger all. Ah well! 2 Factor Auth and a new email and password all is well again.
 
Some high end criminal has hacked into our amazon account. And when I say our I actually mine Mrs F's as I never access it these days.

It seems simple, however they managed entry, they have swopped the email address so that ours is no longer recognised by Amazon.

It became apparent to Mrs F on Monday night when she couldn't read her book on her kindle although she didn't actually mention it until 11pm last night when all I could see was a kindle saying it wasn't registered. A failure to log in to amazon led to an attempt to reset password which is when we got the email not recognised message.

Tiny Miss F's kindle is similarly affected.

Obviously we checked bank as Mrs F has Amazon prime which means no end of things could have been ordered but it appears that all these criminal masterminds have bought is 3 videos on amazon prime videos, worth a total of £22.97.

So contacted bank and stopped credit card to prevent any further losses

Just have to wait and see what Amazon say today once their customer service call centre opens.

Whilst the physical financial loss is small, there are a number of books on our kindles which we have paid for and not yet read.
This happened to Madame mnairb a few weeks ago - 5 kindle technical books ordered that she had no knowledge of for almost exactly the same amount of money. My son contacted Amazon and got the money back and (I think) put her on two factor authentication.
 
Yep, not on it. Bank account is fine, no purchases either. I just don't understand this text I get probably once a week.
Do you have an unbelievably technologically challenged ex anywhere who signed up to many things with your email as she could not remember the password to her own? Asking for a friend.
 

Ritch

LE
Do you have an unbelievably technologically challenged ex anywhere who signed up to many things with your email as she could not remember the password to her own? Asking for a friend.

I can see your way of thinking but no.

I'm wondering if someone has mistyped their phone number into Amazon and I'm getting notifications of their orders.
 

Mr Happy

LE
Moderator
I can see your way of thinking but no.

I'm wondering if someone has mistyped their phone number into Amazon and I'm getting notifications of their orders.

I was going to suggest that you’ve got Someones old mobile number or someone else has done a typo. You can probably ask AZ to delete it from whatever account it is. Nearly a Billion customers so probably not the first time and they probably have a process..


Sent from my iPhone using Tapatalk
 

Ritch

LE
I was going to suggest that you’ve got Someones old mobile number or someone else has done a typo. You can probably ask AZ to delete it from whatever account it is. Nearly a Billion customers so probably not the first time and they probably have a process..


Sent from my iPhone using Tapatalk

I'm thinking you may be right - my current number was only given to me by O2 a couple of months ago as I was getting up to 30 calls a day from Bitcoin scammers on the other.
 
Same as OP last week, for the 3rd time in 18 months.
Somehow, they used SWMBO's old dead account to sort of dovetail into her active account, and took $4.99 as a taster..probably to see if we'd notice. We did.
Clydesdale bank's Falcon Team were on it rapido.
We have our online accounts set to alerts for everything over a fiver for anything other than SO-DD's.
We await our new card. The bank told us to remove bank details after every purchase, which is a bind.
However, I've set a Prime bank account up with no more than a tenner in it, and simply before a purchase I transfer that amount into the account.
People may find, if they check online, Luxembourg is a common scammer base, as Amazon does use it legit.
Thing is, we find Amazon a huge help since Cov-id, and would find it more of a nuisance to cancel.
 
I went into my account a couple of days ago and found 10 items in my shopping basket that I definitely didn't order. They couldn't complete the order due to the two step verification, but I changed my email address and password for my account just to be on the safe side. I also have started to sign out after use.
 

Wordsmith

LE
Book Reviewer
As well as others' advice, I would delete the details of any credit or debit cards where you store the details online. It means you have to spend an extra three minutes entering those details when you want to buy anything, but gives you peace of mind if you are hacked.

Edit: on some sites, when you enter your card details, the site automatically saves your card details. There is usually a tick box on the screen which you can un-tick, to prevent your card details from being saved.

Amazon is an oddity as far as credit cards are concerned - most on line retailers require you to add the CVV - the 3 digit number on the back. Amazon don't.

Adding the CVV is not a legal requirement, but the credit card companies change a small additional premium for not doing so - the CVV is an anti-fraud measure. It's also illegal to store the CVV on back end systems.

Amazon have obviously done deal with the credit card companies, because they can legally store all the rest of the credit card information. As they don't request the CVV, that allows their 'one click' technology - if your credit card info is stored it goes through without the CVV that they're not legally allowed to store.

(One reason they get away with not using the CVV is that they have multiple other anti-fraud measures like multi factor authentication, confirming new delivery addresses with you, etc).

Wordsmith
 
After reading through this I quickly set up the second level of security. I've never been concerned about Amazon before but these cyber thieves get more proficient at their trade increasingly now.
I was surprised how easy it was and I'm satisfied that I'm safe now.
Manth thanks to @Fang_Farrier for bringing it to our attention.
 
Amazon is an oddity as far as credit cards are concerned - most on line retailers require you to add the CVV - the 3 digit number on the back. Amazon don't.

Adding the CVV is not a legal requirement, but the credit card companies change a small additional premium for not doing so - the CVV is an anti-fraud measure. It's also illegal to store the CVV on back end systems.

Amazon have obviously done deal with the credit card companies, because they can legally store all the rest of the credit card information. As they don't request the CVV, that allows their 'one click' technology - if your credit card info is stored it goes through without the CVV that they're not legally allowed to store.

(One reason they get away with not using the CVV is that they have multiple other anti-fraud measures like multi factor authentication, confirming new delivery addresses with you, etc).

Wordsmith
I did not know that.
I assume the money made from impulsive purchase 'clicks' more than offsets the premium. It is v easy to pile up spending when you just click to purchase.
 
A russian website?
Pass on that thanks.

FBI have closed the other ones, just type in the details without joining - you can see if they have been leaked, pay on paypal or bitcoin to see the details in full.

This gives you the same details without access to seeing the leaks


 

New Posts

Latest Threads

Top