Amazon’s customer service backdoor

Weird, I didn’t contact Amazon support?
“That’s all I needed”.
Using the address they got the last time from Amazon.
Again?! For fuck's sake.
Yeah, that totally looks legit.
  • NEVER DO CUSTOMER SUPPORT UNLESS THE USER CAN LOG IN TO THEIR ACCOUNT. The only exception to this would be a forgotten password, and that path should have a very strict policy. The problem is that 9999 out of 10000 support requests are legitimate, so agents get trained to assume they're legitimate. But in the 1 case where they're not, you can completely fuck someone over.
  • Show support agents the IP address of the person connecting. Is it a usual one for this account? Is it a VPN/Tor one? etc. Give them a warning to be suspicious.
  • Email services should allow me to easily create lots of aliases. Right now the best defense against social engineering seems to be my Fastmail account, which allows me to create 1 email address alias per service. This makes it incredibly difficult for an attacker when they can't even figure out your email.
  • Please make WHOIS protection the default. Mine leaked because a stupid domain I didn't care about had its Namecheap WHOIS protection expire.
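The first two recommendations above (no support action without a logged-in requester, except a strictly policed password reset, and a visible IP-familiarity / VPN-Tor warning for the agent) can be expressed as a small gate that a support tool would run before showing an agent any account details. The following is an added example, not code from the post or from Amazon; the account record, the known-IP history and the anonymizer CIDR ranges are all constructed sample data, and a real deployment would load the ranges from a maintained feed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample: CIDR ranges treated as VPN/Tor exit space. These are
# documentation ranges, not real anonymizer addresses; a real deployment would
# load this list from a maintained feed rather than hard-code it.
ANONYMIZER_RANGES = [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Account:
    email: str
    known_ips: frozenset  # addresses seen at previous successful logins


# Constructed sample account: one familiar login address on record.
SAMPLE_ACCOUNT = Account(email="victim@example.com", known_ips=frozenset({"192.0.2.10"}))


def is_anonymizer(ip: str) -> bool:
    """True if the connecting address falls inside a range flagged as VPN/Tor."""
    addr = ip_address(ip)
    return any(addr in net for net in ANONYMIZER_RANGES)


def support_session_check(account: Account, connecting_ip: str,
                          authenticated: bool, password_reset: bool = False) -> dict:
    """Decide whether an agent may act on the account and what to warn about.

    Rules, following the post's recommendations:
    - no disclosure or change unless the requester is logged in; the only
      exception is a password-reset flow, which is allowed but flagged so the
      agent applies the strict reset policy;
    - the agent is always told whether the IP has been seen on this account
      before and whether it looks like a VPN/Tor address.
    """
    warnings = []
    if not authenticated:
        if not password_reset:
            return {"allow": False,
                    "warnings": ["requester is not logged in: do not disclose or change anything"]}
        warnings.append("unauthenticated password reset: apply the strict reset verification policy")
    if connecting_ip not in account.known_ips:
        warnings.append(f"ip {connecting_ip} has never been seen on this account")
    if is_anonymizer(connecting_ip):
        warnings.append(f"ip {connecting_ip} is in a VPN/Tor range")
    return {"allow": True, "warnings": warnings}


if __name__ == "__main__":
    # A logged-in customer from their usual address: nothing to flag.
    print(support_session_check(SAMPLE_ACCOUNT, "192.0.2.10", authenticated=True))
    # An unauthenticated chat from an unfamiliar VPN/Tor address: refused outright.
    print(support_session_check(SAMPLE_ACCOUNT, "198.51.100.7", authenticated=False))
    # The same address inside a password-reset flow: allowed, but with three warnings.
    print(support_session_check(SAMPLE_ACCOUNT, "198.51.100.7", authenticated=False, password_reset=True))
```

The point of returning warnings rather than silently refusing is the one the post makes: agents see thousands of legitimate requests, so the tool has to surface the rare anomalous one instead of relying on the agent to notice it.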

Eric