Jump to content

Beware: Amazon fraud happening in East Dulwich

Tottleworth

By Tottleworth
in General ED Issues / Gossip

 Share

Recommended Posts

Tottleworth

Tottleworth

Posted
Posted

PROTECT YOURSELF FROM THE LATEST AMAZON SCAM

The local news bit of this follows underneath, but if you use Amazon and think your account is secure, you're wrong

and you should do three things immediately to protect yourself.


1.

If you have any payment cards or paypal/other payment account linked to your Amazon account, remove it immediately. They're not safe, whatever Amazon say. OK, so you will have to manually type in a card number each time you buy something, but better than it being left there 24-7 waiting to be hacked and defrauded - which just happened to me


2.

Also remove your billing and delivery addresses from your account. Again, a small inconvenience to put them in manually each time you buy something. Having your card details attached to your home address on an Amazon master file is dumb. (And delete your order history whilst you are at it. Do you really want the local criminals knowing you just bought a new smartphone/computer/tv as well as where it was delivered?).


3

If you must use Amazon, never have anything delivered to your home address - Use the Amazon lockers in the Co-Op. You can set this up in your account. (Or have items sent to your work address instead - dont put the address in your account details). This is way safer than risking they will deliver when you are not in/don't hear them, leave it with flakey neighbous, or just give it to the first person outside your home... which just happened to me.


Whilst abroad last week, some local sleazeballs managed to hack into my Amazon account and buy an iPad and iPhone.

(It's well known Amazon, amongst others have been hacked on a regular basis).


They weren't hacker enough to change the delivery address to their own place, so they had the stuff shipped to my address and then waited across the road for the delivery van to arrive.


Presumably they turned up at the gate just as the driver was dropping off, probably pretending to be just coming back from somewhere. (I'll be interested to see the recipient signature on the Amazon delivery docket). Even worse was the second delivery that was signed for by a neighbour in a shared house... and then later on, one of their housemates just handed it over without an ID check, when sleazeball came knocking for it.


So ?1k out of pocket, Amazon customer service hopeless, and no evidence that I didn't order the goods, or not receive them. An entire morning on the phone to Amazon, bank, police and fraud team is not recommended


The really scary part is this is not just an internet fraud siphoning money out of your account. It's a local doorstep operation.


So if you use Amazon, protect yourself now

a_m

a_m

Posted
Posted

Sounds like neighbours weren't involved - the scammers just purported to be the recipient instead.


Tottleworth - do you have any idea how they hacked into your account in the first place - i.e. were you using One-Click ordering on a public or shared machine, or a device that got stolen, or has your computer been infected with malware?

worldwiser

worldwiser

Posted
Posted
Not wishing to minimise the inconvenience you've faced but this happened to me some time back and I think the sum total of effort required on my part was 5 minutes. Amazon cancelled the transaction, immediately refunded me and handled the police. In these cases the risks are all borne by the retailer and the banks. You are never likely to suffer any financial cost from this type of fraud. And knowing someone's got a posh telly with a tiny black market value is not a likely incentive for a burglary these days. I think the solution is to carry on living your life, be vigilant to a degree, but not be thrown into a mad panic. Thanks for the warning but I'll be leaving my amazon and other accounts as they are.
LondonMix

LondonMix

Posted
Posted

I have the same questions as kford. How would the criminals know which neighbor the package was left with since the slips are put through the front door? Also, did they stop the email notification of purchase and shipping that would be sent to your account? For me that would be the first tip off if I didn't make a purchase and I would contact Amazon prior to the item being shipped. Did they somehow know you were out of town? If not, its a pretty significant risk to try to doorstep delivery driver when the owner might be in.


I hope this all works out for you. Any additional details would be very welcome.

Tottleworth

Tottleworth

Posted
  • Author
Posted

Hi there... No my neighbours are not involved in the scam!

Once you are inside your Amazon account you can see where and when a delivery has been made. So easy to trace to an address other than the delivery/home address. And no I haven't given over or written down any of the account log-on details.


My understanding so far is they hung around to see when the van arrived for one of the two deliveries, and went to the neighbours a little after there was confirmation of the other delivery. This all occured within 24 hours between Friday and Saturday. (FYI, why do Amazon think anyone would accept something as valuable as an ipad or phone being given to a neighbour rather than returned to depot?). I suppose it could also be an inside job, but some review sites are carrying similar scam stories in the US where the hackers also altered the delivery address.


I've only ever used a private device (MAC), which to my best knowledge isn't carrying malware. (I was travelling in the US, so maybe it was compromised somewhere over Wifi perhaps). I subsequently understand some of the 'remote' capabilities allow hackers to track passwords and other details from just keystrokes alone. Luckily I have more than one device, so can revert whilst I have my travelling device checked out. I definietly wont be using Amazon in a hurry again and have made a clean sweep of all online accounts for any cards and reset all passwords.

Penguin68

Penguin68

Posted
Posted

The most 'routine' ways in which hacking takes place are associated with the person being hacked (and their equipment) rather than the supplier - that is for such 'individual' hacks, rather than mass down-loads of account details and passwords - if you have been travelling and using public wifi that certainly is a route through which hacks can take place - unless your system is made very secure. Did you undertake any Amazon transactions whilst abroad? However I cannot imagine a US hack then attacking a physical UK address for delivery. A ?1000 loss to you/ the bank equates (broadly) to a ?100 gain to the criminal (that is why a safe 'cash-rated' at ?3000 can be used to store non-cash items of a value up to ?30,000). It doesn't seem worth the effort.


Malware (key-loggers) can identify e.g. passwords being input (which is why some firms use drop-downs so that the actual password elements cannot be thus identified) - it is also possible to use electronic devices (close by) to snoop on keyboard and indeed screen activity. To avoid this you need to work in a Faraday cage.


Did you actually receive transaction confirmation by e-mail from Amazon? If you didn't then the hackers would have been good enough to put their own (probably disposable) e-mail in - but they may have had to get it delivered to your address to match the credit card address.


I think if there had been a mass attack on Amazon which compromised loads of accounts that would have been made public by now, which does suggest that this was an individual attack which is more likely to mean that you (or your card) were individually compromised rather than that the Amazon system was.


I would suggest (if you haven't) changing the card used. And the methodology doesn't look, to me, to be Amazon specific.


I am afraid your heading should probably be - 'Beware, Credit card and Internet Account fraud happening in East Dulwich' and yes, it certainly is. Your recommendations on cautionary behaviour go far wider than just for Amazon.

evilmanic

evilmanic

Posted
Posted

Amazon hasn't been hacked, really.


What is very likely, is that your details were compromised elsewhere, it's common that people use the same email address and password combination on other sites.


Be careful when you discard boxes, packing slips or whatever with your email address on, it's quite trivial to use an email address collected this way on a site such as https://haveibeenpwned.com/ - go find what the password has been decrypted as, then try and login to things such as amazon, gmail etc.


If you are serious about your online security, consider using something like 1Password or LastPass, these will generate random passwords for you, that you can use on sites so that this type of attack doesn't work.


It sucks that the amazon delivery person didn't deliver correctly - but Amazon will absolutely make good on this, if it was them at fault.

Loz

Loz

Posted
Posted

An alternative to LastPass is KeePass (which I use) - similar systems, but

- LastPass is a cloud based system, with your passwords held in the cloud (in SHA256 encrypted form). LastPass is proprietary software.

- KeePass uses a SHA256 encrypted local file which I keep on my OneDrive (the cloud storage that comes with Hotmail/Outlook). It's open source and free.

JohnL

JohnL

Posted
Posted

evilmanic Wrote:

-------------------------------------------------------

> Amazon hasn't been hacked, really.

>

> What is very likely, is that your details were

> compromised elsewhere, it's common that people use

> the same email address and password combination on

> other sites.

>

> Be careful when you discard boxes, packing slips

> or whatever with your email address on, it's quite

> trivial to use an email address collected this way

> on a site such as https://haveibeenpwned.com/ - go

> find what the password has been decrypted as, then

> try and login to things such as amazon, gmail

> etc.

>

> If you are serious about your online security,

> consider using something like 1Password or

> LastPass, these will generate random passwords for

> you, that you can use on sites so that this type

> of attack doesn't work.

>

> It sucks that the amazon delivery person didn't

> deliver correctly - but Amazon will absolutely

> make good on this, if it was them at fault.



I've heard Amazon ban you if you have multiple delivery

issues - just that makes me not want to use my home address.


Will always be a dropbox for me now (I didn't know they existed

for a long time).

evilmanic

evilmanic

Posted
Posted

JohnL Wrote:

-------------------------------------------------------

> evilmanic Wrote:

> --------------------------------------------------

> -----

> > It sucks that the amazon delivery person didn't

> > deliver correctly - but Amazon will absolutely

> > make good on this, if it was them at fault.

>

>

> I've heard Amazon ban you if you have multiple

> delivery

> issues - just that makes me not want to use my

> home address.

>

> Will always be a dropbox for me now (I didn't know

> they existed

> for a long time).


It depends, I've reported four issues to them over the last three months (mostly deliveries not arriving on time, but one where the goods said delivered but were not) and each time they have extended my prime subscription by a month and the last time they sent replacement goods the next day.


Obviously, if you order 5 iPads and 5 iPhones and they all go missing, then they'll take a look at possible ulterior motives, but for common problems you should be OK.

JohnL

JohnL

Posted
Posted

evilmanic Wrote:

-------------------------------------------------------

> JohnL Wrote:

> --------------------------------------------------

> -----

> > evilmanic Wrote:

> >

> --------------------------------------------------

>

> > -----

> > > It sucks that the amazon delivery person

> didn't

> > > deliver correctly - but Amazon will

> absolutely

> > > make good on this, if it was them at fault.

> >

> >

> > I've heard Amazon ban you if you have multiple

> > delivery

> > issues - just that makes me not want to use my

> > home address.

> >

> > Will always be a dropbox for me now (I didn't

> know

> > they existed

> > for a long time).

>

> It depends, I've reported four issues to them over

> the last three months (mostly deliveries not

> arriving on time, but one where the goods said

> delivered but were not) and each time they have

> extended my prime subscription by a month and the

> last time they sent replacement goods the next

> day.

>

> Obviously, if you order 5 iPads and 5 iPhones and

> they all go missing, then they'll take a look at

> possible ulterior motives, but for common problems

> you should be OK.


Glad to here that

Deliveries suck where I live :)

Bic Basher

Bic Basher

Posted
Posted

As mentioned above, never use public wi-fi for ordering goods or online banking. There are people who scan those services who will hack into your personal data.


If you have to, change your passwords as soon as possible or use your mobile data instead.

Horsebox

Horsebox

Posted
Posted

Just been told my dad's Amazon account was hacked last night and iPads and iPhones ordered for delivery today to my address in SE22.


Amazon cancelled order as it was deemed suspicious. They've now suspended his account whilst they investigate further.


I'm sure the SE22 connection is just a coincidence.

Loz

Loz

Posted
Posted

KessonL Wrote:

-------------------------------------------------------

> Use Amazon gift cards dont use credit or debit cards online there are ways to pay like pre paid

> master cards called idt prime cards ... Or then theres google pay with gift cards or even paypal

> ...


Not using credit cards might seem like a good idea, but of course with paypal and other payment methods you lose your Section 75 rights.


http://www.moneysavingexpert.com/credit-cards/PayPal-Section75

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

East Dulwich Forum

Established in 2006, we are an online community discussion forum for people who live, work in and visit SE22.

Home
Events
Sign In

Sign In



Or sign in with one of these services

Search
×
    Search In
×
×
  • Create New...