Amazon Hacker

[securespark]

Beware!
Keep a watch on your internet accounts.
Today, I discovered two delivery advice emails in my inbox for items I did not order.

I thought I'd check my orders. I figured if there were no new orders (I was not expecting any), I would dismiss the emails as a scam.

So I signed in, but the password was rejected.

I already had my suspicions but it was then my fears were confirmed.

I rang the Amazon helpline number and was told that my account had indeed been hacked and items ordered. I was told the items ordered would be cancelled and my account put on hold pending an investigation.

I cancelled my bank card.

In the meantime, more orders were dropping in to my inbox.

I rang again and told them of the new orders. I was assured that they would deal with the situation. I asked to be assured that if any payments went out, they would be swiftly refunded.

Later still, more orders dropped in. This was getting beyond a joke. I rang yet again to ask what the heck was going on and asked that my account be cancelled ASAP.
He told me there were hundreds and hundreds of orders lined up to go out.
What annoys me is that they don't seem to have any ''fraud checks'', ie looking for transactions that appear out of character, especially (as in my case) the fact that the dispatch address was now listed as ''confidential''.
Not at all suspicious......

 

[bernardgreen]

This is another reason why one should be alert. Amazon may be a convenient way to buy goods but there is a price for that convenience.

Read it here HERE

Is Alexa really your friend ?

One [ Amazon hosted ] database contains transcriptions of all 31,082 interactions my family has had with the virtual assistant Alexa. Audio clips of the recordings are also provided.

 

[JP_]

Ooh, will check. I usually see off things on my emails that my wife orders, and actually saw something off pop up yesterday that I ignored!

 

[EFLImpudence]

People should not keep much money in the account(s) used for internet buying.

 

[motorbiking]

Yep it would be a simple algorithm. But they are the worlds biggest to consumer outfit, even their competitors use them. Eventually people will get fed up with them.

 

[securespark]

People should not keep much money in the account(s) used for internet buying.

Don't most do what I do and link your "buysitall" debit card to the account?

Is it possible to do the following?

Have an account which offers a debit card that is then linked to all internet retailers that has no overdraft and a small (or zero) balance which you transfer money to from your current account just prior to making a purchase?

Is this possible?
My bank requires a minimum of £1K depositing every month.

 

[sodthisforfun]

Can get very basic accounts which probably don't ask for any minimum income. There's no internet access and no overdraft, just plain old money and a debit card. I know Barclays and the post office used to do them.

Sorry you're going through this Secure, royal pain in the backside.

 

[EFLImpudence]

Don't most do what I do and link your "buysitall" debit card to the account?

I don't know what "buysitall" is.
Have you only got one account? Surely they won't demand a minimum deposit in all accounts - or if they do go to another bank.
I have savings account and debit card account in UK. Pension goes into debit account and if I don't spend it all (not often), move to savings account.
Also have debit card account here which always has very little in it and credit card with low limit for emergencies.
Also have Transferwise account with pounds, euros and dollars, which I exchange when rates are favourable, for buying here and from U.S (I have American van (which I bought on impulse to drive here)).

Is it possible to do the following?
Have an account which offers a debit card that is then linked to all internet retailers that has no overdraft and a small (or zero) balance which you transfer money to from your current account just prior to making a purchase?

Or vice versa. Don't see why not.

 

[securespark]

I don't know what "buysitall" is.

Just one debit card linked to a current account.
Yes, we just have one joint current account and a debit card each. No credit cards. There is a savings account linked to the current account, but it does not have a debit card.

 

[KenGMac]

I have been Inundated with promises of "new" checks that my bank are [sometime] soon about to implement, where if someone appears to use their card, or a request for a payment is made to the card provider a text message is sent to he card owner to verify that such a payment has been made or requested from the likes of Amazon if a response from the card owner is not forthcoming, the transaction is not completed, and VOIDED by the bank.

What is not clear at present is if all such banking transactions will be subjected to such bank verification's as above? I presume that standing orders made by the card owner will not need to be individually verified, but all and any shall I call it one-off or not expected transactions could be subject to verification checking?? I suppose that there will be a sort of sliding scale of how many, if any such checks a card holder sets up?

 

[Ihavenojob]

I use paypal for a lot/most internet purchases. There is a security feature I was told about recently (possibly on here), they text a code to your mobile that has to be entered for any transaction, even logging in to paypal.

 

[securespark]

Hmmm. Just logged into PP without a code to my mobile.

 

[Ihavenojob]

Hmmm. Just logged into PP without a code to my mobile.

You have to set it up, very easy. Log into paypal, go to settings (cog wheel)click on security then choose 2 step verification. You will need your mobile whenever you log on afterwards,or make a purchase, but more secure.

 

[Brigadier]

I've reported an issue with the barclays mobile banking app to them, and the people I spoke with gave me zero confidence that they're even interested, that they understand what I'm describing to them, or that they'd even consider sorting it.

Is be interested in finding out whether it's something anyone else experienced / noticed, and whether they are concerned about it.

SOP used to be ;

Open app,
Unlock app (fingerprint, or occasionally asked for pin)
Use app.

What USED to happen was, on finishing with the app, I just pressed the home button on my phone. The app would then log itself out in the background, and remove itself from the "recently - opened apps" part of my 'phone.
Therefore, to use the app again, you have to open it, and unlock it.

However, now,
The app doesn't log itself out, nor does it remove itself from the recently closed apps part.
Provided my phone is unlocked, anyone can access my open banking app.

Is it specific to my version of android, my phone, or is it common across a number of platforms?
While not a totally open door (that I can see), it isn't great and may, for a clever person, indicate a deeper and more fundamental app security weakness?

 

[securespark]

Yeah, very odd. Seems like a backward step.