Tempe web entrepreneur exposes another alarming Amazon vulnerability
Over the summer Wired magazine writer Mat Honan related his nightmare of costly identity theft through vulnerabilities in the way his Amazon, iCloud and Google accounts interacted.
Now it is Chris Cardinal, an executive at Tempe-based web development firm Synapse Studios, who is sounding the alarm about a kind of fraud made possible by Amazon customer service policies that allow scammers to prey on recent legitimate orders to get free stuff sent to them at a new address. Like Honan’s troubles, it’s not really “hacking” but more a form of “social engineering,” as Cardinal describes it in a post republished at Gizmodo.
The vigilant entrepreneur received emails detailing interactions with offshored customer support that never took place — at least as far as he is concerned. He could have dismissed the emails as phishing scams, but took the time to check them and saw they were more insidious than that. It became clear that someone was instigating and re-routing replacement orders for purchases he had made — and scoring hundreds of dollars in expensive camera equipment for free. It doesn’t cost him anything — just opens the possibility that any legitimate issue requiring product replacement might be met with skepticism later on. And that’s his reputation on the line, in a very real way.
What can we take away from his experience? Change your passwords — and get serious about secure ones. Enable two-step authentication. Watch your inbox for signs of suspicious transactions (knowing that some of them might be spam, but others — as Cardinal found — were real, though not legit). And demand better protection from the companies you do business with online.