Amazon’s customer service backdoor

Weird, I didn’t contact Amazon support?
“That’s all I needed”.
Using the address they got the last time from Amazon..
Again?! For fucks sake.
Yeah, that totally looks legit.
  • NEVER DO CUSTOMER SUPPORT UNLESS THE USER CAN LOG IN TO THEIR ACCOUNT. The only exception to this would be if the user forgot the password, and there should be a very strict policy for that case. The problem is that 9999 out of 10000 support requests are legitimate, so agents get trained to assume they’re legitimate. But in the 1 case they’re not, you can completely fuck someone over.
  • Show support agents the IP address of the person connecting. Is it a usual one? Is it a VPN/Tor one? etc. Give them a warning to be suspicious.
  • Email services should allow me to easily create lots of aliases. Right now the best defense against social engineering seems to be my Fastmail account, which allows me to create 1 email address alias per service. This makes it incredibly difficult for an attacker when they can’t even figure out your email.
  • Please make WHOIS protection default. Mine leaked because a stupid domain I didn’t care about had its Namecheap WHOIS protection expire.
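
The first two recommendations can be expressed as one check in the agent's console. The sketch below is an added example, not code from Amazon or any real support tool; the function names, decision labels and network lists are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample list (documentation range), standing in for a real
# VPN/Tor exit feed that a support tool would have to maintain.
ANONYMIZER_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def same_network(ip, known, v4_prefix=24, v6_prefix=48):
    """Treat addresses in the same /24 (IPv4) or /48 (IPv6) as a 'usual' network."""
    if ip.version != known.version:
        return False
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return known in net


def assess_support_contact(source_ip, logged_in, forgot_password, recent_login_ips):
    """Return (decision, warnings) to show the agent before the chat starts.

    decision is one of the hypothetical labels:
      proceed                 - contact comes from a logged-in session
      strict_recovery_only    - not logged in, forgot-password exception
      refuse_account_details  - not logged in, no exception applies
    """
    ip = ipaddress.ip_address(source_ip)
    warnings = []

    # "Is it a VPN/Tor one?"
    if any(ip in net for net in ANONYMIZER_NETS):
        warnings.append("source IP is a known VPN/Tor exit")

    # "Is it a usual one?" Compare against IPs from the account's past logins.
    known = [ipaddress.ip_address(a) for a in recent_login_ips]
    if not any(same_network(ip, k) for k in known):
        warnings.append("source IP never seen on this account")

    # Policy gate: no support unless the user can log in, with the
    # forgot-password case routed to a separate strict procedure.
    if logged_in:
        decision = "proceed"
    elif forgot_password:
        decision = "strict_recovery_only"
    else:
        decision = "refuse_account_details"
    return decision, warnings
```

The warnings are advisory for the agent; the decision is what the tool should enforce regardless of how convincing the person in the chat sounds.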

Eric
