Amazon’s customer service backdoor

Weird, I didn’t contact Amazon support?
“That’s all I needed”.
Using the address they got the last time from Amazon...
Again?! For fucks sake.
Yeah, that totally looks legit.
  • NEVER DO CUSTOMER SUPPORT UNLESS THE USER CAN LOG IN TO THEIR ACCOUNT. The only exception to this would be if the user forgot the password, and there should be a very strict policy for that case. The problem is that 9999 out of 10000 support requests are legitimate, so agents get trained to assume they’re legitimate. But in the 1 case they’re not, you can completely fuck someone over.
  • Show support agents the IP address of the person connecting. Is it a usual one? Is it a VPN/Tor one? etc. Give them a warning to be suspicious.
  • Email services should allow me to easily create lots of aliases. Right now the best defense against social engineering seems to be my Fastmail account, which allows me to create 1 email address alias per service. This makes it incredibly difficult for an attacker when they can’t even figure out your email.
  • Please make whois protection default. Mine leaked because a stupid domain I didn’t care about had its Namecheap whois protection expire.
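
One way a support console could surface the first two recommendations to an agent, as an added example that is not from the original post. The field names, the anonymizer list and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample list using a documentation range (RFC 5737), not real VPN/Tor data.
ANONYMIZER_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass
class SupportContact:
    source_ip: str
    authenticated: bool  # True only if the requester is logged in to the account
    known_ips: list = field(default_factory=list)  # IPs from the account's past logins


def agent_warnings(contact):
    """Return (code, message) warnings to show the agent before they reply."""
    ip = ipaddress.ip_address(contact.source_ip)
    warnings = []
    if not contact.authenticated:
        warnings.append(("UNAUTHENTICATED",
                         "Requester is not logged in: do not disclose or change account data."))
    if any(ip in net for net in ANONYMIZER_NETWORKS):
        warnings.append(("ANONYMIZER", "Source IP is on the VPN/Tor list."))
    # Compare by /24 (IPv4) or /64 (IPv6) so ordinary address churn is not flagged.
    prefix = 24 if ip.version == 4 else 64
    usual = [ipaddress.ip_network(f"{k}/{prefix}", strict=False)
             for k in contact.known_ips
             if ipaddress.ip_address(k).version == ip.version]
    if not any(ip in net for net in usual):
        warnings.append(("UNUSUAL_IP", "Source IP does not match this account's past logins."))
    return warnings


if __name__ == "__main__":
    # Constructed contact: not logged in, connecting from the sample anonymizer range.
    chat = SupportContact("203.0.113.50", authenticated=False, known_ips=["198.51.100.20"])
    for code, message in agent_warnings(chat):
        print(f"[{code}] {message}")
```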



