This topic contains 1 reply, has 2 voices, and was last updated by BeigeAlmighty 1 month, 3 weeks ago.
- April 9, 2020 at 8:29 pm #232855
So I hadnt received mail in a few weeks, I called my local post office and they said my mail was put on hold. I went to my post office and got my mail, they said someone got online and put my mail on hold. When they handed me mail there was a package adressed to me from Amazon. I opened it, it was an Apple Ipad 11 Pro. Which i did not order. So i started freaking out cause after a quick google, i realized it was a 900$ tablet. I checked my bank accounts and paypal, i had no charges. I went to log into my amazon account and my password was changed. I tried to use the forgot password link but i wasnt getting the email to reset the password. I called amazon and explained everything, they got me back into my amazon account. There were no orders for an ipad on my account what so ever. They told me they would open up a fraud investigation and i would be contacted within 24 hours. I then figured out that whoever did this had goten my email and filtered all my emails from amazon to be blocked, hence why I wasnt getting a password reset link. I then wanted to get more information on the Ipad. So i typed in the exact model on amazon and when i did above the Ipad it said “you last purchased this item march 21st” and had a click to view this order button. So i clicked it and theres no history of this order. Even when i talked to customer service they said there was no history. I then looked at the previous viewed items on my amazon account and it was a bunch of expensive armani clothing and Nike and other apple products. But he only ordered the ipad. My question is, is how did he pay for it… My guess a stolen credit card. But how did the purchase not show up on my amazon account order history. Its just not there. Clearly he put my mail on hold to try to walk into the post office and try to impersonate me. Im guessing it didnt work. But im baffled as to how he tricked amazons website. And even trick their customer service. Amazons customer service asked me for the tracking number on the box, i gave it to them and it didnt work. Nothing showed up. I asked them if i needed to ship the ipad back and they told me to keep it. It all feels to fishy to me, im not going to touch the ipad for a while, cause i dont trust the situation and dont want it to come back and screw me.
How did he do it?
- April 9, 2020 at 8:29 pm #232856
He might work for Amazon, many of these scams are done by current or past employees on temp contracts.
- April 9, 2020 at 8:29 pm #232857
Put your e-mail in [haveibeenpwned](https://haveibeenpwned.com/), did it come up? Do you reuse passwords on any of the sites listed? Do you use a weak password? I would guess you got breached in a standard spray attack. The perpetrator acquires usernames and passwords (technically they were probably just the hashes, and they had to crack them first), and then attempts to login to a list of major sites (i.g. Instagram, Facebook, Amazon, Google, Twitter, etc, etc) using the password (or minor mutations of it) from the breach. The successful results are stored in a file, and sold to people like the guy who took over your account.
That or you clicked a link and got phished.
- April 9, 2020 at 8:29 pm #232858
I remember reading about a similar scam. IIRC the scammer was ordering items via the Amazon app on a smart TV using vouchers (or CCs I cant remember). For some reason purchases made via the TV app don’t (or didnt) sync with the parent account.
Amazon don’t have a “list logged on devices” feature for customers, but a customer service person does.
If your acc was logged into by a smart tv you don’t recognise I’d bet that was the schtick
- April 9, 2020 at 8:29 pm #232860
I’ll be upfront and say that I’ve got no clue how the attacker managed to bypass Amazon’s systems.
As for the iPad.. I would not trust it. If the attacker is able to pull off this kind of fraud, then I wouldn’t trust that device for a single second. I know it’s an expensive piece of hardware, but if you plan to keep it, AT LEAST reset it to factory settings. Afaik jailbreaking Apple’s firmware isn’t as easy as it used to be. Check with Apple if they can verify the legitimacy of your device.
Otherwise, throw it away.
You must be logged in to reply to this topic.