By Charles Miller
Last week I related the story of what happened when my friend Jim emailed me saying it was his niece’s birthday and he was unable to buy her a US$250 gift card she could use on Amazon. I knew all along that tricking unsuspecting victims into buying gift cards is a very common hacker’s tactic for committing petty theft, and much to my chagrin I was unsuspecting of this in the beginning. Jim is someone I trust and everything about his request seemed okay on the surface. This week I thought it might be informative for readers to learn some of the consequences of being the target of one of these Amazon gift card scams.
I was already aware that logging into my Amazon account from a new location could be a problem. I incorrectly assumed that my friend Jim was also traveling and locked out of his Amazon account. That happened to me when I ordered some items while in my brother’s hospital room in Houston rather than in San Miguel. I had already dealt with that issue a month ago and so it came as a surprise to find myself locked out of my account again.
The message from Amazon said, “We believe that an unauthorized party may have accessed your account. To protect your information, we have disabled the password to your account, reversed any modifications made by this party, canceled any pending orders, and restored any pre-existing gift card balance that may have been used. If two-step verification has been enabled during the unauthorized access, we have disabled it. After two hours you will be able to reset your password and regain access to your account.” The message continued, “In the meantime, we recommend that you do not use the same password that you use on other sites, including your email provider. Actively monitor all your accounts, including your email, and any unauthorized change to auto forwarding or deletion rules of your email setting. We also recommend that you review all recent activity in your payment methods and report any unauthorized charges to your financial institution.”
All of this was different than when I had been locked out before. That time all I had to do was answer an email and I was back into my account immediately. The circumstances were different this time because the fraud prevention team at Amazon had correctly identified the characteristics of my last transaction as being part of a scam.
Amazon’s thoroughness did not stop there. They also scrubbed my account of information cyber crooks might have been able to use to their advantage had they been able to get their hands on it, namely payment methods. Gone were all of my credit cards numbers and recently added shipping addresses. That was an unnecessary step in my case, my account having not been hacked, but Amazon erred on the side of caution. Amazon had recognized a scam was being perpetrated before I did. Their response to that was a textbook example of doing everything right in order to thwart the cyber crooks. Amazon’s vigilance probably saved me more than I know.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.
