Relatives, family and close friends are not all very tech savvy. Some can google well, others can write mails and there are even those that can do both and more. This is the first step of this post into the internet, security and what else exists there in our digital world full of adventures.
The Beginning Of A New Adventure
This short story is about a small frustration that came up when being asked to help recover an Amazon account. One month ago, the old mail account that was used there (and not checked often…) received suspicious but very legit mails: a “Your phone number has been changed” and a “Your mail has been changed” notification, with no “That was not me” link … that link was in the 3 mails before them, hinting at potentially malicious logins from US-located IPs, by a potentially not-so-US citizen.
Long story short: Contact the helpdesk, get the account back, profit
Back To Reality
The account owner is from Austria. amazon.at is redirecting to amazon.de, there is a service helpdesk link. So far so good. Next step: Pressing the “Contact us” which is marked with a nice phone icon and does mention “phone, chat or mail” in the description. Aaand we get a login page. Okay, now we can select “Forgot password” as we don’t know the password, thanks to someone having it changed for us without consent. Unfortunately the 2 ways to do this are: mail and phone. Looking back, those 2 have been changed by the “new owner”, let’s call him Frank. Thanks Frank.
We think that's a dead end. Some search engine crawling and numbers that are out of service later, we came back to the “forgot password” page on Amazon, checking if we missed anything. We are in luck: there is a small note below in case those 2 options are not valid options, and the link is called “service center”. Us thinking: Again? Okay, here goes nothing!
Something we did not expect: This service center page has a drop down that allows us to select multiple options, yay!
- Choose a topic (default)
- I have forgotten my password
- I cannot log into my account
- I do not have an account but need assistance
- I cannot create a new account
Spoiler: All non-default options give some text AND the same phone number to call. We only found out about these different flavour texts with the same numbers across the different “choices” they present you while writing this post. It feels like a very lazy game master in a role-playing group giving you multiple doors to choose from, to get what he calls “different types of glory”, when actually all are the same, as he only planned one of them through and simply pressed copy&paste.
Back to our selection. We selected option 2 and get prompted with some text and a number that we can call. Actually 2 numbers: 08001807736 and 00498938034882 for foreign calls. We did initially visit amazon.at and got redirected, as mentioned above, but some might not notice this. Knowing that, for Germany, us living in Austria counts as foreign, we need to call the second number, duh.
Having “The Talk”
The actual call went smoothly: good support, no long waiting time (at 21:30 local time). Having everything prepared, we were able to provide: original mail address, real account holder name, last order sent to that location and the postal code of the main residence. IT support has been made aware, the number and mail address have been forwarded for “analysis” and we have been told that resetting of the account will happen within 24 hours, potentially contacting the owner.
Frankly, I didn’t think this would turn out to be a long journey, but it meant going through all those helpdesk pages and finding the right approach: going to the “login” page where you have been hacked, then selecting a help page there to get to the same service desk, which is actually different, as it does not require a login.
Lessons learned
Number of Amazon support stored in phone, passwords changed, longer password generated, different password for every login and password store updated. Having a lookout on why this might have happened and doing further training on cyber security.
Update to follow once the actual account reset happened and access has been restored (or not).
Update
Within 20 minutes after the initial call the legit account owner received an email from Amazon. Account reset was triggered (can take up to 2 hours), orders canceled and refunded, all other settings including the original mail address set. A nice text telling us to please use the “forgot password” function - this time we have access to the account’s mail address. Entering a verification code we receive via mail, followed by entering the original phone number the account was associated with earlier, we have to enter a new password. With this, full access to the account is restored.
Adding two-factor authentication (2FA) and live happily ever after.
PS.: Reading the footer in the support restore mail, we find a phone number for Austria that we tried to call earlier after it turned up in a search engine query; that number is out of order. Helpdesk ticket might be created.