When creating online accounts, many users are often too trusting of certain websites. The assumption is the bigger the company, the better the security. All too often, though, this isn’t the case. Regardless of where accounts are being created, taking security precautions should always be a priority.
The Amazon case
Amazon customers began worrying about their risk of identity theft after news spread that the e-commerce site’s customer service could be used to obtain private details about them. Eric Springer, former software developer at Amazon, revealed in a recent blog post that a customer service representative had put his identity in jeopardy after revealing sensitive details to someone impersonating him — not one, but three times.
In his post, Springer said that he had received an email from Amazon thanking him for an inquiry he didn’t make. When he questioned the email, he was sent a chat transcript that showed someone using an address Springer had registered some domains under to acquire his real address and phone number in a matter of minutes. With just that information, the thief was able to convince Springer’s bank to issue a new credit card.
After Springer had updated his address and credit card information with Amazon, he was attacked a second time, receiving another “thank you” email from the site for an inquiry he didn’t make. This time, though, the hacker tried, unsuccessfully, to get the last four digits of Springer’s credit card number. After asking Amazon to no longer give out information to anyone using his name and address, Springer found out that the identity thief had called the company directly to try to obtain more sensitive details.
In a similar scenario, former WIRED editor Mat Honan became a victim of identity theft when hackers used the Apple “Find My” tool to wipe his laptop and phone. After the incident, WIRED launched an investigation into tech support features, which included Amazon. The magazine found the same security hole used by Springer’s hacker. This was three years ago, though, meaning Amazon has been aware of these issues but has yet to fully address them. These incidents also show that not even the most tech-savvy users can always thwart these types of attacks.
What can be done?
Springer suggests that Amazon take a few extra steps to make sure no other customer becomes a victim of identity theft due to these oversights. Overall, he said that customer support representatives should be better trained to recognize suspicious activity, like someone who needs assistance but can’t log into his or her account or is contacting them from a VPN/tor IP address. He also urged users to be more cautious with their information online. Big companies like Amazon are no more immune to hackers than any other site.
Until these companies can improve their own security, your vigilance will always be invaluable. This means taking personal measures to protect your identity, like guarding your personal information and using a variety of emails, passwords and usernames across different online accounts.
Another way you can bolster your personal security is by investing in an identity theft protection service that can alert you to certain activity that may indicate fraud. You should aso consider other services or tools that help you protect your digital privacy, like Privacy Now.