Unusual amazon account activity

Sep 3rd, 2020 7:26 am

#1

headleygrange [OP]: Deal Addict; Apr 13, 2017; 1591 posts; 707 upvotes; GTA

Sep 3rd, 2020 7:26 am

Few weeks ago, got an email that mobile number has been deleted from amazon uk account (I never signed up for amazon uk). One more email that there was a sign in attempt from Washington DC.

Reset my password, removed my payment methods.

Yesterday got email that there was an order placed from my amazon.ca account , followed by email that my account has been locked and that I would need to reset my password.

Checked my account- no orders, charges to my credit card etc (I had removed all my credit cards).

Anyone also had similar unusual activity? I’m pretty much done with amazon. I set a super strong password and have 2 factor authentication, but still hacked.

Share:

Sep 3rd, 2020 7:59 am

#2

engineered: Deal Expert; Feb 11, 2007; 15413 posts; 16506 upvotes; Oakville

Sep 3rd, 2020 7:59 am

Are you sure those emails are actually from Amazon and not phishing emails?

Win a PS5 with RFD!

+10

Sep 3rd, 2020 8:25 am

#3

tew: Deal Addict; Jun 13, 2010; 2958 posts; 2885 upvotes; GTA

Sep 3rd, 2020 8:25 am

engineered wrote: ↑ Are you sure those emails are actually from Amazon and not phishing emails?

This. Has nothing to do with your Amazon account, they just want you to click on the link in the email. I've have "payment failed" emails from "Netflix" to an email I didn't use for Netflix, Paypal problem emails and I don't use Paypal. I even had messages for problems with my account from banks I've never used.

+5

Sep 3rd, 2020 9:56 am

#4

mindabsence: Sr. Member; Nov 23, 2004; 642 posts; 988 upvotes; Ontario

Sep 3rd, 2020 9:56 am

You've been phished my friend.

Anywhere else you use that email or password I would also be going and resetting because they now have that particular email+password combination known, and likely also being published/sold among all sorts of illegitimate groups out there now too.

+1

Sep 3rd, 2020 10:00 am

#5

headleygrange [OP]: Deal Addict; Apr 13, 2017; 1591 posts; 707 upvotes; GTA

Sep 3rd, 2020 10:00 am

Not phishing. They are legit amazon emails. I used unique password for amazon that was never used elsewhere.

Sep 3rd, 2020 10:45 am

#6

tew: Deal Addict; Jun 13, 2010; 2958 posts; 2885 upvotes; GTA

Sep 3rd, 2020 10:45 am

headleygrange wrote: ↑ Not phishing. They are legit amazon emails. I used unique password for amazon that was never used elsewhere.

How can they be legit if you never signed up for the UK? Call Amazon, they will tell you if they are real or not.

+1

Sep 3rd, 2020 11:42 am

#7

headleygrange [OP]: Deal Addict; Apr 13, 2017; 1591 posts; 707 upvotes; GTA

Sep 3rd, 2020 11:42 am

Called amazon. Apparently, someone hacked my account, added a payment information (not my card) and sent a package to my address.

Weird.

Anyways, they canceled order, payment method etc. I had 2 factor authentication set always on, but somehow they were able to skip that.

+1

Sep 3rd, 2020 11:51 am

#8

Jaytee: Deal Fanatic; Jul 7, 2003; 7234 posts; 2027 upvotes; T dot 6

Sep 3rd, 2020 11:51 am

headleygrange wrote: ↑ I had 2 factor authentication set always on

Thanks, I didnt even realized amazon.ca supported 2FA

stubhub and clearly.ca suck, like really suck

Sep 3rd, 2020 11:52 am

#9

Jaytee: Deal Fanatic; Jul 7, 2003; 7234 posts; 2027 upvotes; T dot 6

Sep 3rd, 2020 11:52 am

headleygrange wrote: ↑ I had 2 factor authentication set always on, but somehow they were able to skip that.

Im curious, did you use SMS or Authenicator app for 2FA?

I read SMS is not a secure method for 2FA, its better then no 2FA but phone numbers can be spoofed.

stubhub and clearly.ca suck, like really suck

Sep 3rd, 2020 11:57 am

#10

headleygrange [OP]: Deal Addict; Apr 13, 2017; 1591 posts; 707 upvotes; GTA

Sep 3rd, 2020 11:57 am

Jaytee wrote: ↑ Im curious, did you use SMS or Authenicator app for 2FA?

I read SMS is not a secure method for 2FA, its better then no 2FA but phone numbers can be spoofed.

SMS.

Sep 3rd, 2020 11:57 am

#11

tew: Deal Addict; Jun 13, 2010; 2958 posts; 2885 upvotes; GTA

Sep 3rd, 2020 11:57 am

headleygrange wrote: ↑ Called amazon. Apparently, someone hacked my account, added a payment information (not my card) and sent a package to my address.

Weird.

Anyways, they canceled order, payment method etc. I had 2 factor authentication set always on, but somehow they were able to skip that.

Weird. Don't see what the hacker gets out of it shipping something to your address.

Sep 3rd, 2020 12:23 pm

#12

Jucius Maximus: Deal Expert; Aug 18, 2005; 19934 posts; 4520 upvotes; Burlington-Hamilton

Sep 3rd, 2020 12:23 pm

This kind of thing is why I create a unique e-mail for each service I use. It's a hassle to set up, but you can shoot down scam attempt really fast.

+2

Sep 3rd, 2020 2:04 pm

#13

BobSagget: Deal Expert; Jan 17, 2009; 18713 posts; 26941 upvotes; ONTARIO

Sep 3rd, 2020 2:04 pm

Jaytee wrote: ↑ Thanks, I didnt even realized amazon.ca supported 2FA

I use the Google Authenticator app as my 2FA on Amazon and it works great.
I wish every website would add support for this! Especially banking websites like TD.

+2

Sep 3rd, 2020 2:11 pm

#14

sudesingh: Sr. Member; Sep 24, 2004; 777 posts; 356 upvotes; Scarborough

Sep 3rd, 2020 2:11 pm

BobSagget wrote: ↑ I use the Google Authenticator app as my 2FA on Amazon and it works great.
I wish every website would add support for this! Especially banking websites like TD.

Didn't know Amazon supported Google Authenticator.

Thanks for the tip.

Sep 3rd, 2020 2:19 pm

#15

Jucius Maximus: Deal Expert; Aug 18, 2005; 19934 posts; 4520 upvotes; Burlington-Hamilton

Sep 3rd, 2020 2:19 pm

BobSagget wrote: ↑ I use the Google Authenticator app as my 2FA on Amazon and it works great.
I wish every website would add support for this! Especially banking websites like TD.

Has amazon updated now so that you can exclusively use Google Authenticator, etc., without having a phone number backup?

This is the whole reason I didn't enable 2FA on Amazon. I don't want my phone provider the be the weakest link.

What if there were no hypothetical questions?

Sep 3rd, 2020 2:22 pm

#16

headleygrange [OP]: Deal Addict; Apr 13, 2017; 1591 posts; 707 upvotes; GTA

Sep 3rd, 2020 2:22 pm

So, only keep the authenticator app, but not use any backup method ?

Sep 3rd, 2020 2:23 pm

#17

BobSagget: Deal Expert; Jan 17, 2009; 18713 posts; 26941 upvotes; ONTARIO

Sep 3rd, 2020 2:23 pm

Jucius Maximus wrote: ↑ Has amazon updated now so that you can exclusively use Google Authenticator, etc., without having a phone number backup?

This is the whole reason I didn't enable 2FA on Amazon. I don't want my phone provider the be the weakest link.

yes, I think so. It's been a few months now since I set it up but I don't remember needing any phone number backup when I enabled it.

Sep 3rd, 2020 2:26 pm

#18

BobSagget: Deal Expert; Jan 17, 2009; 18713 posts; 26941 upvotes; ONTARIO

Sep 3rd, 2020 2:26 pm

Jucius Maximus wrote: ↑ Has amazon updated now so that you can exclusively use Google Authenticator, etc., without having a phone number backup?

This is the whole reason I didn't enable 2FA on Amazon. I don't want my phone provider the be the weakest link.

Yes, I just verified again that a phone number backup is not required.

+1

Sep 3rd, 2020 3:10 pm

#19

Jucius Maximus: Deal Expert; Aug 18, 2005; 19934 posts; 4520 upvotes; Burlington-Hamilton

Sep 3rd, 2020 3:10 pm

BobSagget wrote: ↑ yes, I think so. It's been a few months now since I set it up but I don't remember needing any phone number backup when I enabled it.

You're right. Thanks, I have it set up now!!

headleygrange wrote: ↑So, only keep the authenticator app, but not use any backup method ?

That's what I do. But it's dicey. You have to be confident in your own ability to recover from data loss and phone loss.
A good way to do this is to save all of those 2FA QR codes into an encrypted password manager.
And you should be doubly sure you regularly back up that password manager's database. Otherwise you could be in for a big headache if you experience data loss.

What if there were no hypothetical questions?