Amazon has built a reputation on the Internet as being a great place to purchase goods and services online. They offer a plethora of items and some great incentives through their Amazon Prime program that pretty much pays for itself. But lately I’ve been spotting stories across social media complaining about Amazon customer service. From one man’s excruciating effort to receive the correct big screen LED TV to smaller pain in the butt complaints. So while surfing the web last night one particular Amazon customer service story stuck out to me and we felt compelled to share that story.
Amazon customer “Eric” took to Medium to bang out his frustration with Amazon customer service entitling his article, “Amazon’s customer service backdoor.” Eric had been a happy Amazon customer for some time and Eric is also a very security conscious Internet user. So when he received an email from Amazon thanking him for contacting customer service, his red flags went up, he decided to probe further.
Trying to remain optimistic Eric recalled a customer service inquiry he made some time back and thought this might relate to that incident. But when customer service informed him they had a text chat he knew something was wrong, the Amazon rep provided the transcript as proof. So at this point Eric knows someone contacted Amazon impersonating him. After reading the transcript Eric noticed that the impersonator used a physical address that he had registered for one of his domain names. That address was a fake address but it was enough for Amazon to give the impersonator Eric’s real address and phone number. Now the thief has some tangible information to work with.
Eric then contacted Amazon retail and Amazon web services asking them to flag his account as high potential for social engineering and they noted that account, though they did it dismissively. Eric updated his information and even got new credit cards thinking this incident was over and his account was again secured. The amazing thing in this story is the same thing occurs two more times. This time the thief tries to get Amazon customer service to give up Eric’s credit card number (which thankfully they didn’t do). These next two times were almost identical, impersonator takes Eric’s whois info and gets Amazon to give them real info. At this point Eric is fed up with Amazon’s handling of the situation and is closing his Amazon account, you can read Eric’s entire account (very worth checking out) on his Medium post linked below.
So it seems Amazon will give out customer information to someone calling in with incomplete details, the only thing this thief had was a real name and email address. While it sucks that Eric’s whois info was out in the open, Amazon probably should have had a red flag go up when the billing address info provided didn’t match records. We’ve reached out to Amazon for comment on Eric’s story and will update this story if we hear back.
What do you think? Let us know in the comments below or on Google+, Facebook and Twitter.Source: Medium